Search...

Debian Security Advisory DSA 2025-1 (icedove)

2010-04-06T00:00:00

ID OPENVAS:67209
Type openvas
Reporter Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to icedove announced via advisory DSA 2025-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_2025_1.nasl 6614 2017-07-07 12:09:12Z cfischer $
# Description: Auto-generated from advisory DSA 2025-1 (icedove)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-2408

Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate (MFSA 2009-42).

CVE-2009-2404

Moxie Marlinspike reported a heap overflow vulnerability in the code
that handles regular expressions in certificate names (MFSA 2009-43).

CVE-2009-2463

monarch2020 discovered an integer overflow n a base64 decoding function
(MFSA 2010-07).

CVE-2009-3072

Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).

CVE-2009-3075

Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).

CVE-2010-0163

Ludovic Hirlimann reported a crash indexing some messages with
attachments, which could lead to the execution of arbitrary code
(MFSA 2010-07).


For the stable distribution (lenny), these problems have been fixed in
version 2.0.0.24-0lenny1.

Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.

For the testing distribution squeeze and the unstable distribution (sid),
these problems will be fixed soon.


We recommend that you upgrade your icedove packages.";
tag_summary = "The remote host is missing an update to icedove
announced via advisory DSA 2025-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1";


if(description)
{
 script_id(67209);
 script_version("$Revision: 6614 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)");
 script_cve_id("CVE-2009-2408", "CVE-2009-2404", "CVE-2009-2463", "CVE-2009-3072", "CVE-2009-3075", "CVE-2010-0163");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("Debian Security Advisory DSA 2025-1 (icedove)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"icedove-dev", ver:"2.0.0.24-0lenny1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-gnome-support", ver:"2.0.0.24-0lenny1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dbg", ver:"2.0.0.24-0lenny1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove", ver:"2.0.0.24-0lenny1", rls:"DEB5.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Debian Local Security Checks", "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "911762b647acf60e0ac514be4326a753"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "577bdc46f9c0d1a1ba605ad4a6418e48"}, {"key": "href", "hash": "a98533fc36fda90b22e98d2b176a301b"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "2798729756de2bfb4233aa2b26fc93b1"}, {"key": "published", "hash": "bca73a9789d0ea23d460e1c50048e34c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7881f1f14ba7327b744ea154202aac85"}, {"key": "sourceData", "hash": "d9e2b406298720e2f527b96167bf72ac"}, {"key": "title", "hash": "240efdf1f5f6616445275ba65cd27396"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=67209", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 9.0, "vector": "NONE", "modified": "2017-07-24T12:49:09"}, "dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-2025-1:6CC79", "DEBIAN:DSA-1874-1:56C30"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2025.NASL", "SUSE_11_1_LIBFREEBL3-090812.NASL", "SUSE9_12521.NASL", "SUSE_MOZILLA-NSPR-6541.NASL", "SUSE_11_0_LIBFREEBL3-090812.NASL", "SUSE_LIBFREEBL3-6494.NASL", "SEAMONKEY_1118.NASL", "SUSE_11_LIBFREEBL3-090812.NASL", "MOZILLA_THUNDERBIRD_20024.NASL", "SUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231067209", "OPENVAS:136141256231066076", "OPENVAS:65705", "OPENVAS:136141256231066072", "OPENVAS:66076", "OPENVAS:136141256231065705", "OPENVAS:66072", "OPENVAS:1361412562310840402", "OPENVAS:840402", "OPENVAS:136141256231064604"]}, {"type": "cve", "idList": ["CVE-2009-2463", "CVE-2009-2404", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2010-0163"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23546"]}, {"type": "ubuntu", "idList": ["USN-915-1", "USN-810-1", "USN-810-3", "USN-810-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1184", "ELSA-2009-1186"]}, {"type": "redhat", "idList": ["RHSA-2009:1184", "RHSA-2009:1186", "RHSA-2009:1190", "RHSA-2009:1207", "RHSA-2009:1432"]}, {"type": "freebsd", "idList": ["56CFE192-329F-11DF-ABB2-000F20797EDE"]}, {"type": "centos", "idList": ["CESA-2009:1432"]}], "modified": "2017-07-24T12:49:09"}, "vulnersScore": 9.0}, "id": "OPENVAS:67209", "title": "Debian Security Advisory DSA 2025-1 (icedove)", "hash": "24a478f8089e8c3c54b7a11365a0998af34b47ab140efe5691174a255e07187b", "edition": 2, "published": "2010-04-06T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:09:52", "bulletin": {"hash": "9322957a16afaae9212424cb94b0a8a935de9735131476806016ca7c74d70e93", "viewCount": 0, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.", "hashmap": [{"key": "published", "hash": "bca73a9789d0ea23d460e1c50048e34c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "240efdf1f5f6616445275ba65cd27396"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "cvelist", "hash": "911762b647acf60e0ac514be4326a753"}, {"key": "modified", "hash": "cd8244214735e0d4739cabdfbeb71efe"}, {"key": "description", "hash": "577bdc46f9c0d1a1ba605ad4a6418e48"}, {"key": "reporter", "hash": "7881f1f14ba7327b744ea154202aac85"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "sourceData", "hash": "b6af92cb776ab1f44b129ecaa75cb70e"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "a98533fc36fda90b22e98d2b176a301b"}, {"key": "pluginID", "hash": "2798729756de2bfb4233aa2b26fc93b1"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}], "naslFamily": "Debian Local Security Checks", "modified": "2017-02-09T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=67209", "published": "2010-04-06T00:00:00", "enchantments": {}, "id": "OPENVAS:67209", "title": "Debian Security Advisory DSA 2025-1 (icedove)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2025_1.nasl 5245 2017-02-09 08:57:08Z teissa $\n# Description: Auto-generated from advisory DSA 2025-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1\";\n\n\nif(description)\n{\n script_id(67209);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2404\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2025-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2009-2408", "CVE-2009-3072", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-2404"], "lastseen": "2017-07-02T21:09:52", "pluginID": "67209"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2009-2408", "CVE-2009-3072", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-2404"], "lastseen": "2017-07-24T12:49:09", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2025_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2025-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1\";\n\n\nif(description)\n{\n script_id(67209);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2404\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2025-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "67209"}

{"debian": [{"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2025-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMarch 31, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : icedove \nVulnerability : several vulnerabilities \nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 \n CVE-2009-3072 CVE-2009-3075 CVE-2010-0163\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz\n Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc\n Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz\n Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-03-31T08:42:01", "published": "2010-03-31T08:42:01", "id": "DEBIAN:DSA-2025-1:6CC79", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00065.html", "title": "[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1874-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 26, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nss\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409\n\nSeveral vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-2404\n\n Moxie Marlinspike discovered that a buffer overflow in the regular\n expression parser could lead to the execution of arbitrary code.\n\nCVE-2009-2408\n\n Dan Kaminsky discovered that NULL characters in certificate\n names could lead to man-in-the-middle attacks by tricking the user\n into accepting a rogue certificate.\n\nCVE-2009-2409\n\n Certificates with MD2 hash signatures are no longer accepted\n since they're no longer considered cryptograhically secure.\n\n\nThe old stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.\n\nWe recommend that you upgrade your nss packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc\n Size/MD5 checksum: 1401 1dbc1107598064214fa689733495c56c\n http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz\n Size/MD5 checksum: 5320607 750839c9c018a0984fd94f7a9cc3dd7f\n http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz\n Size/MD5 checksum: 52489 96f62370296f7d18a9748429ac99525f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb\n Size/MD5 checksum: 3048842 6b764e28ae56542572a4275e50c4d303\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb\n Size/MD5 checksum: 267250 b00f4c63a8d27a54fb562029411daf0e\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb\n Size/MD5 checksum: 1204106 c8ba098d6cc0af39ab93cd728ca7bb19\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb\n Size/MD5 checksum: 342544 2191bbcd5708f719392c8489bde7a0c6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb\n Size/MD5 checksum: 256944 7a31770b748ff56ba45ac55044960b6d\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb\n Size/MD5 checksum: 1069628 eea22c2ccef5375689fe581de8152a61\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb\n Size/MD5 checksum: 321374 1b86ac1f27fee3287f1418973595a4e9\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb\n Size/MD5 checksum: 3099080 f4112f9f06d87e6139097a27e1419664\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb\n Size/MD5 checksum: 2900162 21604ffa61b7f5049f0f919030fec0f0\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb\n Size/MD5 checksum: 1011344 78bc0d853274ca2fc9f36752ed9f9c51\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb\n Size/MD5 checksum: 308766 e7547e80f6726b91611f9b92d83aa6b3\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb\n Size/MD5 checksum: 254374 ead00e7f25c47cc4b8b1ed99801c4ab9\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb\n Size/MD5 checksum: 257820 a17086cca6fdaf26e5a6b3fb84ae476d\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb\n Size/MD5 checksum: 308198 f24e01f4b2396193a314a965555374e8\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb\n Size/MD5 checksum: 1017054 d1086599e6a1904548804d538f90c810\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb\n Size/MD5 checksum: 2923084 b5e1d56b749941124c8b91f063d44c19\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb\n Size/MD5 checksum: 263122 b611c51dae677b42befac5f2e638d941\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb\n Size/MD5 checksum: 347148 c725c156c6cd17d09421e066548c673d\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb\n Size/MD5 checksum: 1169014 d5858e4c11ca0b88f59c24af1a251eea\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb\n Size/MD5 checksum: 2948790 92a46a3cd9b2db3c7f0d07d817a03ba4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb\n Size/MD5 checksum: 957706 21a666157a0a208d8405df062b3276d2\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb\n Size/MD5 checksum: 304016 9771905fcb4acd6855158c8645722762\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb\n Size/MD5 checksum: 2913468 89b7116120a075a7795615d062bd7450\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb\n Size/MD5 checksum: 254478 7747ea82c2d9e93c6a610d60094fb316\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb\n Size/MD5 checksum: 267008 94a0fe98c183a728df7e64826f8b2c46\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb\n Size/MD5 checksum: 410780 a834a4f57ddc003570c6eaaafbc87032\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb\n Size/MD5 checksum: 2797788 1a1f375f7713f69acdf01e77f779b28b\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb\n Size/MD5 checksum: 1489492 a468da7ac4219e564793d06978a6be07\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb\n Size/MD5 checksum: 257808 fc1a4db95e71876cf0ffbe0b49327148\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb\n Size/MD5 checksum: 3049346 fc35475e7157e1859c154556ecb648b3\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb\n Size/MD5 checksum: 318740 fbafbce5a6d9498d8cd1fe1d8f1eaebc\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb\n Size/MD5 checksum: 1038702 0723e7d8621b7d65517cc3945a9790be\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb\n Size/MD5 checksum: 1028286 81e4bcd025b2ee3996de08b9fdb0b23a\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb\n Size/MD5 checksum: 317082 8b16e198a97ffb60df698767fef8cc35\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb\n Size/MD5 checksum: 2999704 d1f9bf1211ec7aa9458dcdd673a4a709\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb\n Size/MD5 checksum: 257740 82ed6773d6e942a70f1274e4a241bdd9\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb\n Size/MD5 checksum: 255174 6abcf8f6d427c29f704ca156dc201113\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb\n Size/MD5 checksum: 1029684 997fec6bb01c10e9e3c6aa15f0f78386\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb\n Size/MD5 checksum: 334590 1c8056037d5bccdad7977b49d3910065\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb\n Size/MD5 checksum: 2946754 1739d7e55a79d8e85dc5e668180846ae\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb\n Size/MD5 checksum: 1178522 0e72b044e78bca218a8d55c20c16e8d5\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb\n Size/MD5 checksum: 3020690 7115f25dbf7c31c55e768d48a29c8b46\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb\n Size/MD5 checksum: 258572 f8bf00777c295c76b0071a1354b011fa\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb\n Size/MD5 checksum: 346234 accf6855c0b8ea6d087bf062b2ac1d7b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb\n Size/MD5 checksum: 317482 f2f321d58890c1edb386ebc224ac052e\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb\n Size/MD5 checksum: 996192 cf17776aa8674a8c7e71527b6534b0e2\n http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb\n Size/MD5 checksum: 257464 2452b9eef9a3c0b786d4dc4afc2d16ae\n http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb\n Size/MD5 checksum: 2712012 910e98017dabb5adcc109f05f94b1a56\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-08-26T19:01:51", "published": "2009-08-26T19:01:51", "id": "DEBIAN:DSA-1874-1:56C30", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00192.html", "title": "[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:13:13", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\n - CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43).\n\n - CVE-2009-2463 monarch2020 discovered an integer overflow in a base64 decoding function (MFSA 2010-07).\n\n - CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\n - CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\n - CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07).", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2025.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45397", "published": "2010-04-01T00:00:00", "title": "Debian DSA-2025-1 : icedove - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2025. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45397);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_bugtraq_id(35769, 35888, 35891, 36343, 38831);\n script_xref(name:\"DSA\", value:\"2025\");\n\n script_name(english:\"Debian DSA-2025-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-2408\n Dan Kaminsky and Moxie Marlinspike discovered that\n icedove does not properly handle a '\\0' character in a\n domain name in the subject's Common Name (CN) field of\n an X.509 certificate (MFSA 2009-42).\n\n - CVE-2009-2404\n Moxie Marlinspike reported a heap overflow vulnerability\n in the code that handles regular expressions in\n certificate names (MFSA 2009-43).\n\n - CVE-2009-2463\n monarch2020 discovered an integer overflow in a base64\n decoding function (MFSA 2010-07).\n\n - CVE-2009-3072\n Josh Soref discovered a crash in the BinHex decoder\n (MFSA 2010-07).\n\n - CVE-2009-3075\n Carsten Book reported a crash in the JavaScript engine\n (MFSA 2010-07).\n\n - CVE-2010-0163\n Ludovic Hirlimann reported a crash indexing some\n messages with attachments, which could lead to the\n execution of arbitrary code (MFSA 2010-07).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2025\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into\nthe archive once they become available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"icedove\", reference:\"2.0.0.24-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"icedove-dbg\", reference:\"2.0.0.24-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"icedove-dev\", reference:\"2.0.0.24-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"icedove-gnome-support\", reference:\"2.0.0.24-0lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:33", "bulletinFamily": "scanner", "description": "The Mozilla NSS and dependend libraries were updated to fix various issues.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.", "modified": "2016-12-22T00:00:00", "id": "SUSE_LIBFREEBL3-6494.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42013", "published": "2009-10-06T00:00:00", "title": "openSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libfreebl3-6494.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42013);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"openSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)\");\n script_summary(english:\"Check for the libfreebl3-6494 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla NSS and dependend libraries were updated to fix various\nissues.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a\nregular-expression parser in Mozilla Network Security Services (NSS)\nbefore 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution,\nPidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a long domain name in the subject's Common Name\n(CN) field of an X.509 certificate, related to the cert_TestHostName\nfunction.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan\nKaminsky reported a mismatch in the treatment of domain names in SSL\ncertificates between SSL clients and the Certificate Authorities (CA)\nwhich issue server certificates. In particular, if a malicious person\nrequested a certificate for a host name with an invalid null character\nin it most CAs would issue the certificate if the requester owned the\ndomain specified after the null, while most SSL clients (browsers)\nignored that part of the name and used the unvalidated part in front\nof the null. This made it possible for attackers to obtain\ncertificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter\nencrypted communication between the client and a server such as\nsensitive bank account transactions. This vulnerability was\nindependently reported to us by researcher Moxie Marlinspike who also\nnoted that since Firefox relies on SSL to protect the integrity of\nsecurity updates this attack could be used to serve malicious updates.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreebl3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libfreebl3-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-nspr-4.7.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-nspr-devel-4.7.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-nss-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-nss-devel-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-nss-tools-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.7.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-nss\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:28", "bulletinFamily": "scanner", "description": "The Mozilla NSS security framework was updated to version 3.12.3.1.\n\n - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. (CVE-2009-2404 / MFSA 2009-43)\n\n - IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. (MFSA 2009-42 / CVE-2009-2408)", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_LIBFREEBL3-090812.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41419", "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1199)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41419);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla NSS security framework was updated to version 3.12.3.1.\n\n - Heap-based buffer overflow in a regular-expression\n parser in Mozilla Network Security Services (NSS) before\n 3.12.3, as used in Firefox, Thunderbird, SeaMonkey,\n Evolution, Pidgin, and AOL Instant Messenger (AIM),\n allows remote SSL servers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a long domain name in the subject's Common Name (CN)\n field of an X.509 certificate, related to the\n cert_TestHostName function. (CVE-2009-2404 / MFSA\n 2009-43)\n\n - IOActive security researcher Dan Kaminsky reported a\n mismatch in the treatment of domain names in SSL\n certificates between SSL clients and the Certificate\n Authorities (CA) which issue server certificates. In\n particular, if a malicious person requested a\n certificate for a host name with an invalid null\n character in it most CAs would issue the certificate if\n the requester owned the domain specified after the null,\n while most SSL clients (browsers) ignored that part of\n the name and used the unvalidated part in front of the\n null. This made it possible for attackers to obtain\n certificates that would function for any site they\n wished to target. These certificates could be used to\n intercept and potentially alter encrypted communication\n between the client and a server such as sensitive bank\n account transactions. This vulnerability was\n independently reported to us by researcher Moxie\n Marlinspike who also noted that since Firefox relies on\n SSL to protect the integrity of security updates this\n attack could be used to serve malicious updates. (MFSA\n 2009-42 / CVE-2009-2408)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2404.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2408.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1199.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libfreebl3-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-nss-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-nss-tools-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libfreebl3-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-nss-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-nss-tools-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.3.1-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:20", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is earlier than 1.1.18. Such versions are potentially affected by the following security issues :\n\n - The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name.\n (MFSA 2009-42)\n\n - A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)", "modified": "2018-07-27T00:00:00", "id": "SEAMONKEY_1118.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40874", "published": "2009-09-04T00:00:00", "title": "SeaMonkey < 1.1.18 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40874);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"Secunia\", value:\"36125\");\n\n script_name(english:\"SeaMonkey < 1.1.18 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"A web browser on the remote host is affected by multiple\nvulnerabilities.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The installed version of SeaMonkey is earlier than 1.1.18. Such\nversions are potentially affected by the following security issues :\n\n - The browser can be fooled into trusting a malicious SSL\n server certificate with a null character in the host name.\n (MFSA 2009-42)\n\n - A heap overflow in the code that handles regular\n expressions in certificate names can lead to\n arbitrary code execution. (MFSA 2009-43)\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-42/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-43/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to SeaMonkey 1.1.18 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n script_set_attribute(\n attribute:\"vuln_publication_date\",\n value:\"2009/07/30\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\",\n value:\"2009/09/03\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\",\n value:\"2009/09/04\"\n );\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.18', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:17", "bulletinFamily": "scanner", "description": "The Mozilla NSS security framework was updated to version 3.12.3.1.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_LIBFREEBL3-090812.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40652", "published": "2009-08-20T00:00:00", "title": "openSUSE Security Update : libfreebl3 (libfreebl3-1201)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libfreebl3-1201.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40652);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"openSUSE Security Update : libfreebl3 (libfreebl3-1201)\");\n script_summary(english:\"Check for the libfreebl3-1201 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla NSS security framework was updated to version 3.12.3.1.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a\nregular-expression parser in Mozilla Network Security Services (NSS)\nbefore 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution,\nPidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a long domain name in the subject's Common Name\n(CN) field of an X.509 certificate, related to the cert_TestHostName\nfunction.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan\nKaminsky reported a mismatch in the treatment of domain names in SSL\ncertificates between SSL clients and the Certificate Authorities (CA)\nwhich issue server certificates. In particular, if a malicious person\nrequested a certificate for a host name with an invalid null character\nin it most CAs would issue the certificate if the requester owned the\ndomain specified after the null, while most SSL clients (browsers)\nignored that part of the name and used the unvalidated part in front\nof the null. This made it possible for attackers to obtain\ncertificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter\nencrypted communication between the client and a server such as\nsensitive bank account transactions. This vulnerability was\nindependently reported to us by researcher Moxie Marlinspike who also\nnoted that since Firefox relies on SSL to protect the integrity of\nsecurity updates this attack could be used to serve malicious updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522602\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreebl3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libfreebl3-3.12.3.1-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-nss-3.12.3.1-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-nss-devel-3.12.3.1-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-nss-tools-3.12.3.1-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.3.1-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-nss\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:36", "bulletinFamily": "scanner", "description": "seamonkey was updated to version 1.1.18, fixing various security issues :\n\n - Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. (MFSA 2009-43 / CVE-2009-2404)\n\n - IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. (MFSA 2009-42 / CVE-2009-2408)", "modified": "2016-12-21T00:00:00", "id": "SUSE9_12521.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42200", "published": "2009-10-22T00:00:00", "title": "SuSE9 Security Update : epiphany (YOU Patch Number 12521)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42200);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:33:29 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"SuSE9 Security Update : epiphany (YOU Patch Number 12521)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"seamonkey was updated to version 1.1.18, fixing various security\nissues :\n\n - Moxie Marlinspike reported a heap overflow vulnerability\n in the code that handles regular expressions in\n certificate names. This vulnerability could be used to\n compromise the browser and run arbitrary code by\n presenting a specially crafted certificate to the\n client. This code provided compatibility with the\n non-standard regular expression syntax historically\n supported by Netscape clients and servers. With version\n 3.5 Firefox switched to the more limited\n industry-standard wildcard syntax instead and is not\n vulnerable to this flaw. (MFSA 2009-43 / CVE-2009-2404)\n\n - IOActive security researcher Dan Kaminsky reported a\n mismatch in the treatment of domain names in SSL\n certificates between SSL clients and the Certificate\n Authorities (CA) which issue server certificates. In\n particular, if a malicious person requested a\n certificate for a host name with an invalid null\n character in it most CAs would issue the certificate if\n the requester owned the domain specified after the null,\n while most SSL clients (browsers) ignored that part of\n the name and used the unvalidated part in front of the\n null. This made it possible for attackers to obtain\n certificates that would function for any site they\n wished to target. These certificates could be used to\n intercept and potentially alter encrypted communication\n between the client and a server such as sensitive bank\n account transactions. This vulnerability was\n independently reported to us by researcher Moxie\n Marlinspike who also noted that since Firefox relies on\n SSL to protect the integrity of security updates this\n attack could be used to serve malicious updates. Mozilla\n would like to thank Dan and the Microsoft Vulnerability\n Research team for coordinating a multiple-vendor\n response to this problem. (MFSA 2009-42 / CVE-2009-2408)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2404.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2408.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12521.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-1.8_seamonkey_1.1.18-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-devel-1.8_seamonkey_1.1.18-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-dom-inspector-1.8_seamonkey_1.1.18-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-irc-1.8_seamonkey_1.1.18-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-mail-1.8_seamonkey_1.1.18-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mozilla-venkman-1.8_seamonkey_1.1.18-0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:36", "bulletinFamily": "scanner", "description": "The Mozilla NSS security framework was updated to version 3.12.3.1.\n\n - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. (CVE-2009-2404 / MFSA 2009-43)\n\n - IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. (MFSA 2009-42 / CVE-2009-2408)", "modified": "2016-12-22T00:00:00", "id": "SUSE_MOZILLA-NSPR-6541.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42190", "published": "2009-10-20T00:00:00", "title": "SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42190);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla NSS security framework was updated to version 3.12.3.1.\n\n - Heap-based buffer overflow in a regular-expression\n parser in Mozilla Network Security Services (NSS) before\n 3.12.3, as used in Firefox, Thunderbird, SeaMonkey,\n Evolution, Pidgin, and AOL Instant Messenger (AIM),\n allows remote SSL servers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a long domain name in the subject's Common Name (CN)\n field of an X.509 certificate, related to the\n cert_TestHostName function. (CVE-2009-2404 / MFSA\n 2009-43)\n\n - IOActive security researcher Dan Kaminsky reported a\n mismatch in the treatment of domain names in SSL\n certificates between SSL clients and the Certificate\n Authorities (CA) which issue server certificates. In\n particular, if a malicious person requested a\n certificate for a host name with an invalid null\n character in it most CAs would issue the certificate if\n the requester owned the domain specified after the null,\n while most SSL clients (browsers) ignored that part of\n the name and used the unvalidated part in front of the\n null. This made it possible for attackers to obtain\n certificates that would function for any site they\n wished to target. These certificates could be used to\n intercept and potentially alter encrypted communication\n between the client and a server such as sensitive bank\n account transactions. This vulnerability was\n independently reported to us by researcher Moxie\n Marlinspike who also noted that since Firefox relies on\n SSL to protect the integrity of security updates this\n attack could be used to serve malicious updates. (MFSA\n 2009-42 / CVE-2009-2408)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2404.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2408.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6541.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-nspr-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-nspr-devel-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-nss-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-nss-devel-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-nss-tools-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-nspr-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-nspr-devel-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-nss-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-nss-devel-3.12.3.1-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.8-1.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:16", "bulletinFamily": "scanner", "description": "The Mozilla NSS security framework was updated to version 3.12.3.1.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_LIBFREEBL3-090812.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40645", "published": "2009-08-20T00:00:00", "title": "openSUSE Security Update : libfreebl3 (libfreebl3-1201)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libfreebl3-1201.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40645);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n\n script_name(english:\"openSUSE Security Update : libfreebl3 (libfreebl3-1201)\");\n script_summary(english:\"Check for the libfreebl3-1201 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla NSS security framework was updated to version 3.12.3.1.\n\nCVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a\nregular-expression parser in Mozilla Network Security Services (NSS)\nbefore 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution,\nPidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a long domain name in the subject's Common Name\n(CN) field of an X.509 certificate, related to the cert_TestHostName\nfunction.\n\nMFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan\nKaminsky reported a mismatch in the treatment of domain names in SSL\ncertificates between SSL clients and the Certificate Authorities (CA)\nwhich issue server certificates. In particular, if a malicious person\nrequested a certificate for a host name with an invalid null character\nin it most CAs would issue the certificate if the requester owned the\ndomain specified after the null, while most SSL clients (browsers)\nignored that part of the name and used the unvalidated part in front\nof the null. This made it possible for attackers to obtain\ncertificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter\nencrypted communication between the client and a server such as\nsensitive bank account transactions. This vulnerability was\nindependently reported to us by researcher Moxie Marlinspike who also\nnoted that since Firefox relies on SSL to protect the integrity of\nsecurity updates this attack could be used to serve malicious updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522602\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreebl3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libfreebl3-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-nss-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-nss-devel-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-nss-tools-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.3.1-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.3.1-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-nss\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:10", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird is earlier than 2.0.0.24. Such versions are potentially affected by multiple vulnerabilities :\n\n - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49)\n\n - A heap-based buffer overflow exists in Mozilla's string to floating point number conversion routines. (MFSA 2009-59)\n\n - It is possible to obfuscate the name of files to be downloaded by using a right-to-left override character (RTL). (MFSA 2009-62)\n\n - Multiple memory corruption vulnerabilities exist that may result in the execution of arbitrary code. (MFSA 2010-07)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_THUNDERBIRD_20024.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45110", "published": "2010-03-19T00:00:00", "title": "Mozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45110);\n script_version(\"1.15\");\n\n script_cve_id(\n \"CVE-2009-0689\",\n \"CVE-2009-2463\",\n \"CVE-2009-3072\",\n \"CVE-2009-3075\",\n \"CVE-2009-3077\",\n \"CVE-2009-3376\",\n \"CVE-2010-0161\",\n \"CVE-2010-0163\"\n );\n script_bugtraq_id(37366,38831);\n script_xref(name:\"Secunia\", value:\"37682\");\n\n script_name(english:\"Mozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Thunderbird is earlier than 2.0.0.24. Such\nversions are potentially affected by multiple vulnerabilities :\n\n - The columns of a XUL tree element can be manipulated in\n a particular way that would leave a pointer owned by\n the column pointing to freed memory. (MFSA 2009-49)\n\n - A heap-based buffer overflow exists in Mozilla's string\n to floating point number conversion routines. \n (MFSA 2009-59)\n\n - It is possible to obfuscate the name of files to be\n downloaded by using a right-to-left override character\n (RTL). (MFSA 2009-62)\n\n - Multiple memory corruption vulnerabilities exist that\n may result in the execution of arbitrary code. \n (MFSA 2010-07)\");\n\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49/\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?fff60c73\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Thunderbird 2.0.0.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 94, 119, 189);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2009/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/19\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.24', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:12", "bulletinFamily": "scanner", "description": "Mozilla Thunderbird was updated to 2.0.0.14 fixing several security issues and bugs.\n\nMFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.\n\nPaul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.\n(CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463)\n\nMFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user.\n\nMFSA 2009-62 / CVE-2009-3376: Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file.\n\nMFSA 2009-59 / CVE-2009-0689: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.\n\nUpdate: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.\n\nMFSA 2009-49 / CVE-2009-3077: An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer.\n\nPlease see http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.ht ml", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45375", "published": "2010-03-30T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-2189.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45375);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3376\", \"CVE-2009-3983\", \"CVE-2010-0161\", \"CVE-2010-0163\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)\");\n script_summary(english:\"Check for the MozillaThunderbird-2189 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to 2.0.0.14 fixing several security\nissues and bugs.\n\nMFSA 2010-07: Mozilla developers took fixes from previously fixed\nmemory safety bugs in newer Mozilla-based products and ported them to\nthe Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and\nSeaMonkey 1.1.\n\nPaul Fisher reported a crash when joined to an Active Directory server\nunder Vista or Windows 7 and using SSPI authentication.\n(CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some\nmessages with attachments (CVE-2010-0163) Carsten Book reported a\ncrash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a\ncrash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072)\nmonarch2000 reported an integer overflow in a base64 decoding function\n(CVE-2009-2463)\n\nMFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi\nof the IBM X-Force reported that Mozilla's NTLM implementation was\nvulnerable to reflection attacks in which NTLM credentials from one\napplication could be forwarded to another arbitary application via the\nbrowser. If an attacker could get a user to visit a web page he\ncontrolled he could force NTLM authenticated requests to be forwarded\nto another application on behalf of the user.\n\nMFSA 2009-62 / CVE-2009-3376: Mozilla security researchers Jesse\nRuderman and Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.\n\nMFSA 2009-59 / CVE-2009-0689: Security researcher Alin Rad Pop of\nSecunia Research reported a heap-based buffer overflow in Mozilla's\nstring to floating point number conversion routines. Using this\nvulnerability an attacker could craft some malicious JavaScript code\ncontaining a very long string to be converted to a floating point\nnumber which would result in improper memory allocation and the\nexecution of an arbitrary memory location. This vulnerability could\nthus be leveraged by the attacker to run arbitrary code on a victim's\ncomputer.\n\nUpdate: The underlying flaw in the dtoa routines used by Mozilla\nappears to be essentially the same as that reported against the libc\ngdtoa routine by Maksymilian Arciemowicz.\n\nMFSA 2009-49 / CVE-2009-3077: An anonymous security researcher, via\nTippingPoint's Zero Day Initiative, reported that the columns of a XUL\ntree element could be manipulated in a particular way which would\nleave a pointer owned by the column pointing to freed memory. An\nattacker could potentially use this vulnerability to crash a victim's\nbrowser and run arbitrary code on the victim's computer.\n\nPlease see\nhttp://www.mozilla.org/security/known-vulnerabilities/thunderbird20.ht\nml\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?280be806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaThunderbird-2.0.0.24-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaThunderbird-devel-2.0.0.24-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaThunderbird-translations-2.0.0.24-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-23T13:05:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.", "modified": "2018-01-23T00:00:00", "published": "2010-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067209", "id": "OPENVAS:136141256231067209", "title": "Debian Security Advisory DSA 2025-1 (icedove)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2025_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n# Description: Auto-generated from advisory DSA 2025-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67209\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2404\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2025-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:39", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libfreebl3\n mozilla-nss\n mozilla-nss-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065705", "id": "OPENVAS:136141256231065705", "type": "openvas", "title": "SLES11: Security update for Mozilla Firefox", "sourceData": "#\n#VID 5d306b6d7dd56f9b174098ca596f270a\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libfreebl3\n mozilla-nss\n mozilla-nss-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=522602\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65705\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Mozilla Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:21", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-devel\n mozilla-dom-inspector\n mozilla-irc\n mozilla-mail\n mozilla-venkman\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060741 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66072", "id": "OPENVAS:66072", "title": "SLES9: Security update for epiphany", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5060741.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for epiphany\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-devel\n mozilla-dom-inspector\n mozilla-irc\n mozilla-mail\n mozilla-venkman\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060741 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(66072);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.1.18~0.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:20", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libfreebl3\n mozilla-nss\n mozilla-nss-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65705", "id": "OPENVAS:65705", "title": "SLES11: Security update for Mozilla Firefox", "type": "openvas", "sourceData": "#\n#VID 5d306b6d7dd56f9b174098ca596f270a\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libfreebl3\n mozilla-nss\n mozilla-nss-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=522602\");\n script_id(65705);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Mozilla Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.12.3.1~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:42", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-devel\n mozilla-dom-inspector\n mozilla-irc\n mozilla-mail\n mozilla-venkman\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060741 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066072", "id": "OPENVAS:136141256231066072", "title": "SLES9: Security update for epiphany", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5060741.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for epiphany\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-devel\n mozilla-dom-inspector\n mozilla-irc\n mozilla-mail\n mozilla-venkman\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060741 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66072\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.1.18~0.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:25", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-nspr\n mozilla-nspr-devel\n mozilla-nss\n mozilla-nss-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066076", "id": "OPENVAS:136141256231066076", "title": "SLES10: Security update for Mozilla NSS", "type": "openvas", "sourceData": "#\n#VID slesp2-mozilla-nspr-6541\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla NSS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-nspr\n mozilla-nspr-devel\n mozilla-nss\n mozilla-nss-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66076\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Mozilla NSS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.12.3.1~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:36", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-nspr\n mozilla-nspr-devel\n mozilla-nss\n mozilla-nss-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66076", "id": "OPENVAS:66076", "title": "SLES10: Security update for Mozilla NSS", "type": "openvas", "sourceData": "#\n#VID slesp2-mozilla-nspr-6541\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla NSS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-nspr\n mozilla-nspr-devel\n mozilla-nss\n mozilla-nss-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66076);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Mozilla NSS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.12.3.1~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:56", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-915-1", "modified": "2018-01-22T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840402", "id": "OPENVAS:1361412562310840402", "title": "Ubuntu Update for thunderbird vulnerabilities USN-915-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_915_1.nasl 8485 2018-01-22 07:57:57Z teissa $\n#\n# Ubuntu Update for thunderbird vulnerabilities USN-915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several flaws were discovered in the JavaScript engine of Thunderbird. If a\n user had JavaScript enabled and were tricked into viewing malicious web\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)\n\n Josh Soref discovered that the BinHex decoder used in Thunderbird contained\n a flaw. If a user were tricked into viewing malicious content, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2009-3072)\n \n It was discovered that Thunderbird did not properly manage memory when\n using XUL tree elements. If a user were tricked into viewing malicious\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-3077)\n \n Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly\n display filenames containing right-to-left (RTL) override characters. If a\n user were tricked into opening a malicious file with a crafted filename, an\n attacker could exploit this to trick the user into opening a different file\n than the user expected. (CVE-2009-3376)\n \n Takehiro Takahashi discovered flaws in the NTLM implementation in\n Thunderbird. If an NTLM authenticated user opened content containing links\n to a malicious website, a remote attacker could send requests to other\n applications, authenticated as the user. (CVE-2009-3983)\n \n Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain\n messages with attachments. A remote attacker could send specially crafted\n content and cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0163)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-915-1\";\ntag_affected = \"thunderbird vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-915-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840402\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"915-1\");\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3376\", \"CVE-2009-3983\", \"CVE-2010-0163\");\n script_name(\"Ubuntu Update for thunderbird vulnerabilities USN-915-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:03", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-915-1", "modified": "2017-12-01T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840402", "id": "OPENVAS:840402", "title": "Ubuntu Update for thunderbird vulnerabilities USN-915-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_915_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for thunderbird vulnerabilities USN-915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several flaws were discovered in the JavaScript engine of Thunderbird. If a\n user had JavaScript enabled and were tricked into viewing malicious web\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)\n\n Josh Soref discovered that the BinHex decoder used in Thunderbird contained\n a flaw. If a user were tricked into viewing malicious content, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2009-3072)\n \n It was discovered that Thunderbird did not properly manage memory when\n using XUL tree elements. If a user were tricked into viewing malicious\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-3077)\n \n Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly\n display filenames containing right-to-left (RTL) override characters. If a\n user were tricked into opening a malicious file with a crafted filename, an\n attacker could exploit this to trick the user into opening a different file\n than the user expected. (CVE-2009-3376)\n \n Takehiro Takahashi discovered flaws in the NTLM implementation in\n Thunderbird. If an NTLM authenticated user opened content containing links\n to a malicious website, a remote attacker could send requests to other\n applications, authenticated as the user. (CVE-2009-3983)\n \n Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain\n messages with attachments. A remote attacker could send specially crafted\n content and cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0163)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-915-1\";\ntag_affected = \"thunderbird vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-915-1/\");\n script_id(840402);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"915-1\");\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3376\", \"CVE-2009-3983\", \"CVE-2010-0163\");\n script_name(\"Ubuntu Update for thunderbird vulnerabilities USN-915-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:34", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-07-12T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64513", "id": "OPENVAS:64513", "title": "RedHat Security Advisory RHSA-2009:1190", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1190.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1190 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64513);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1190\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1190.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:09:59", "bulletinFamily": "NVD", "description": "Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.", "modified": "2018-10-30T16:25:00", "id": "CVE-2009-2463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2463", "published": "2009-07-22T18:30:00", "title": "CVE-2009-2463", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:59", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.", "modified": "2018-10-03T22:00:00", "id": "CVE-2009-2404", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2404", "published": "2009-08-03T14:30:00", "title": "CVE-2009-2404", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3072", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3072", "published": "2009-09-10T21:30:00", "title": "CVE-2009-3072", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:59", "bulletinFamily": "NVD", "description": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.", "modified": "2018-10-03T22:00:00", "id": "CVE-2009-2408", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2408", "published": "2009-07-30T19:30:00", "title": "CVE-2009-2408", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3075", "published": "2009-09-10T21:30:00", "title": "CVE-2009-3075", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:25", "bulletinFamily": "NVD", "description": "Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-0163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0163", "published": "2010-03-23T00:53:00", "title": "CVE-2010-0163", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2010-07\r\n\r\nTitle: Fixes for potentially exploitable crashes ported to the legacy branch\r\nImpact: Critical\r\nAnnounced: March 16, 2010\r\nReporter: Mozilla developers and community\r\nProducts: Thunderbird, SeaMonkey\r\n\r\nFixed in: Thunderbird 2.0.0.24\r\nSeaMonkey 1.1.19\r\nDescription\r\n\r\nMozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.\r\nReferences\r\n\r\nPaul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.\r\n\r\n * SSPI auth crash\r\n * CVE-2010-0161\r\n\r\nLudovic Hirlimann reported a crash indexing some messages with attachments\r\n\r\n * Mime attachment crash\r\n * CVE-2010-0163\r\n\r\nCarsten Book reported a crash in the JavaScript engine\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=505305\r\n * CVE-2009-3075\r\n\r\nJosh Soref reported a crash in the BinHex decoder used on non-Mac platforms.\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=508074\r\n * CVE-2009-3072\r\n\r\nmonarch2000 reported an integer overflow in a base64 decoding function\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=492779\r\n * CVE-2009-2463\r\n", "modified": "2010-04-06T00:00:00", "published": "2010-04-06T00:00:00", "id": "SECURITYVULNS:DOC:23546", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23546", "title": "Mozilla Foundation Security Advisory 2010-07", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:24", "bulletinFamily": "unix", "description": "Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)\n\nJosh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3072)\n\nIt was discovered that Thunderbird did not properly manage memory when using XUL tree elements. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3077)\n\nJesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. If a user were tricked into opening a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. (CVE-2009-3376)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. If an NTLM authenticated user opened content containing links to a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983)\n\nLudovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. A remote attacker could send specially crafted content and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0163)", "modified": "2010-03-18T00:00:00", "published": "2010-03-18T00:00:00", "id": "USN-915-1", "href": "https://usn.ubuntu.com/915-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:37", "bulletinFamily": "unix", "description": "Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2009-08-04T00:00:00", "published": "2009-08-04T00:00:00", "id": "USN-810-1", "href": "https://usn.ubuntu.com/810-1/", "title": "NSS vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:29", "bulletinFamily": "unix", "description": "USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2009-09-02T00:00:00", "published": "2009-09-02T00:00:00", "id": "USN-810-3", "href": "https://usn.ubuntu.com/810-3/", "title": "NSS regression", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:00", "bulletinFamily": "unix", "description": "USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS.\n\nOriginal advisory details:\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2009-08-04T00:00:00", "published": "2009-08-04T00:00:00", "id": "USN-810-2", "href": "https://usn.ubuntu.com/810-2/", "title": "NSPR update", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:22", "bulletinFamily": "unix", "description": "nspr:\n[4.7.4-1.el5_3.1]\n- create z-stream version\n[4.7.4-1]\n- Update to NSPR 4.7.4\nnss:\n[3.12.3.99.3-1.0.1.el5_3.2]\n- Update clean.gif in the nss-3.12.3.99.3-stripped.tar.bz2 tarball\n[3.12.3.99.3-1.el5_3.2]\n- adjust ssl cipher count constant (bug 505650)\n[3.12.3.99.3-1.el5_3.1]\n- create z-stream version\n[3.12.3.99.3-1]\n- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75\n[3.12.3-5]\n- updated patch to seckey\n[3.12.3-4]\n- add a patch to seckey\n[3.12.3-3]\n- remove references to SEED\n[3.12.3-2]\n- update to NSS 3.12.3", "modified": "2009-07-21T00:00:00", "published": "2009-07-21T00:00:00", "id": "ELSA-2009-1186", "href": "http://linux.oracle.com/errata/ELSA-2009-1186.html", "title": "nspr and nss security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "description": " \nnspr:\r\n \n[4.7.4-1.el5_3.1]\r\n- create z-stream version\r\n \n[4.7.4-1]\r\n- Update to NSPR 4.7.4\r\n \nnss:\r\n \n[3.12.3.99.3-1.el5_3.2]\r\n- adjust ssl cipher count constant (bug 505650)\r\n \n[3.12.3.99.3-1.el5_3.1]\r\n- create z-stream version\r\n \n[3.12.3.99.3-1]\r\n- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75\r\n \n[3.12.3-5]\r\n- updated patch to seckey\r\n \n[3.12.3-4]\r\n- add a patch to seckey\r\n \n[3.12.3-3]\r\n- remove references to SEED\r\n \n[3.12.3-2]\r\n- update to NSS 3.12.3", "modified": "2009-07-30T00:00:00", "published": "2009-07-30T00:00:00", "id": "ELSA-2009-1184", "href": "http://linux.oracle.com/errata/ELSA-2009-1184.html", "title": "nspr and nss security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:25", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nThese version upgrades also provide fixes for the following bugs:\n\n* SSL client authentication failed against an Apache server when it was \nusing the mod_nss module and configured for NSSOCSP. On the client side,\nthe user agent received an error message that referenced \"Error Code:\n-12271\" and stated that establishing an encrypted connection had failed\nbecause the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the\nfollowing message:\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error:\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP succeeds\nas expected. Note that if the presented client certificate is expired,\nthen access is denied, the user agent is presented with an error message\nabout the invalid certificate, and the OCSP queries are seen in the OCSP\nresponder. Also, similar OCSP status verification happens for SSL server\ncertificates used in Apache upon instance start or restart. (BZ#508026)\n\n* NSS uses a software integrity test to detect code corruption. RPM\ntransactions and system link optimization daemons (such as prelink) can\nchange the contents of libraries, causing the software integrity test to\nfail. In combination with the updated prelink package (RHBA-2009:1041),\nthese updated packages can now prevent software integrity test failures.\n(BZ#495938)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-09-08T12:09:31", "published": "2009-07-31T04:00:00", "id": "RHSA-2009:1190", "href": "https://access.redhat.com/errata/RHSA-2009:1190", "type": "redhat", "title": "(RHSA-2009:1190) Critical: nspr and nss security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4. \n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.", "modified": "2017-09-08T11:51:45", "published": "2009-07-30T04:00:00", "id": "RHSA-2009:1186", "href": "https://access.redhat.com/errata/RHSA-2009:1186", "type": "redhat", "title": "(RHSA-2009:1186) Critical: nspr and nss security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:46", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4. \n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug:\n\n* SSL client authentication failed against an Apache server when it was \nusing the mod_nss module and configured for NSSOCSP. On the client side,\nthe user agent received an error message that referenced \"Error Code:\n-12271\" and stated that establishing an encrypted connection had failed\nbecause the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the\nfollowing message:\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error:\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP succeeds\nas expected. Note that if the presented client certificate is expired,\nthen access is denied, the user agent is presented with an error message\nabout the invalid certificate, and the OCSP queries are seen in the OCSP\nresponder. Also, similar OCSP status verification happens for SSL server\ncertificates used in Apache upon instance start or restart. (BZ#508027)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-09-08T12:20:20", "published": "2009-07-30T04:00:00", "id": "RHSA-2009:1184", "href": "https://access.redhat.com/errata/RHSA-2009:1184", "type": "redhat", "title": "(RHSA-2009:1184) Critical: nspr and nss security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-07-28T19:01:15", "published": "2009-08-12T04:00:00", "id": "RHSA-2009:1207", "href": "https://access.redhat.com/errata/RHSA-2009:1207", "type": "redhat", "title": "(RHSA-2009:1207) Critical: nspr and nss security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-09-09T04:00:00", "id": "RHSA-2009:1432", "href": "https://access.redhat.com/errata/RHSA-2009:1432", "type": "redhat", "title": "(RHSA-2009:1432) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "description": "\nMozilla Project reports:\n\nMFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch\nMFSA 2010-06 Scriptable plugin execution in SeaMonkey mail\nMFSA 2009-68 NTLM reflection vulnerability\nMFSA 2009-62 Download filename spoofing with RTL override\nMFSA 2009-59 Heap buffer overflow in string to number conversion\nMFSA 2009-49 TreeColumns dangling pointer vulnerability\n\n", "modified": "2010-03-16T00:00:00", "published": "2010-03-16T00:00:00", "id": "56CFE192-329F-11DF-ABB2-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/56cfe192-329f-11df-abb2-000f20797ede.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1432\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016131.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016132.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1432.html", "modified": "2009-09-10T12:04:17", "published": "2009-09-10T12:03:30", "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016131.html", "id": "CESA-2009:1432", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}