{"bulletinFamily": "scanner", "viewCount": 1, "naslFamily": "Ubuntu Local Security Checks", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["443-1", "http://www.ubuntu.com/usn/usn-443-1/"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-443-1", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d86c71f663105caf8504b9f7168fbdd6"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "d5601fb8e5d2f371f7ff8f8de28fe3d9"}, {"key": "href", "hash": "d7d3da1f524e71481a999a223aab99e9"}, {"key": "modified", "hash": "4177cfab30bf9f48767b3f5f7a715513"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "87700879349291558f1fe0b80bceab38"}, {"key": "published", "hash": "77f2259c22dd85776748ef0030d5eb3c"}, {"key": "references", "hash": "da1321166d7847563349766de89f1a80"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "sourceData", "hash": "cc14de248d80556df3dbd62b4259376f"}, {"key": "title", "hash": "5bed881ba73770267b1fce6273299d23"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=840107", "modified": "2017-12-01T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-12-04T11:28:47"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1562"]}, {"type": "nessus", "idList": ["UBUNTU_USN-443-1.NASL", "MOZILLA_FIREFOX_15011.NASL", "FEDORA_2007-0009.NASL", "REDHAT-RHSA-2007-0400.NASL", "FEDORA_2007-0008.NASL", "CENTOS_RHSA-2007-0402.NASL", "ORACLELINUX_ELSA-2007-0402.NASL", "SUSE_MOZILLAFIREFOX-3541.NASL", "SUSE_SEAMONKEY-3631.NASL", "CENTOS_RHSA-2007-0400.NASL"]}, {"type": "ubuntu", "idList": ["USN-443-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:29768"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7348", "SECURITYVULNS:VULN:7761"]}, {"type": "openvas", "idList": ["OPENVAS:861375", "OPENVAS:65037", "OPENVAS:136141256231065037", "OPENVAS:1361412562310122700", "OPENVAS:861205", "OPENVAS:861268", "OPENVAS:861555", "OPENVAS:861203", "OPENVAS:861448", "OPENVAS:861004"]}, {"type": "suse", "idList": ["SUSE-SA:2007:036"]}, {"type": "centos", "idList": ["CESA-2007:0402", "CESA-2007:0402-01", "CESA-2007:0400"]}, {"type": "redhat", "idList": ["RHSA-2007:0402", "RHSA-2007:0400"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0402", "ELSA-2007-0400"]}], "modified": "2017-12-04T11:28:47"}, "vulnersScore": 6.8}, "id": "OPENVAS:840107", "title": "Ubuntu Update for firefox vulnerability USN-443-1", "hash": "9726641e80eeeea833823032dfeccc2f7e490c07dc13053187abae16379f2beb", "edition": 3, "published": "2009-03-23T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-25T10:56:38", "bulletin": {"hash": "1bb0cbb8b0087bd69926ccfad65d7c18ffaaaa455fa323332e092c5bc22ba003", "viewCount": 0, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["443-1", "https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000511.html"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-443-1", "hashmap": [{"key": "cvelist", "hash": "d86c71f663105caf8504b9f7168fbdd6"}, {"key": "pluginID", "hash": "87700879349291558f1fe0b80bceab38"}, {"key": "references", "hash": "4406b3c00f046453524955ee3e0e1f4f"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "href", "hash": "d7d3da1f524e71481a999a223aab99e9"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "title", "hash": "5bed881ba73770267b1fce6273299d23"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "sourceData", "hash": "4dea9ecb51b3d1b57203fdf0f5d10b19"}, {"key": "published", "hash": "77f2259c22dd85776748ef0030d5eb3c"}, {"key": "description", "hash": "d5601fb8e5d2f371f7ff8f8de28fe3d9"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=840107", "published": "2009-03-23T00:00:00", "enchantments": {}, "id": "OPENVAS:840107", "title": "Ubuntu Update for firefox vulnerability USN-443-1", "bulletinFamily": "scanner", "edition": 2, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox vulnerability USN-443-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in how Firefox handled PASV FTP responses. If a\n user were tricked into visiting a malicious FTP server, a remote\n attacker could perform a port-scan of machines within the user's\n network, leading to private information disclosure.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-443-1\";\ntag_affected = \"firefox vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000511.html\");\n script_id(840107);\n script_version(\"$Revision: 6640 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 12:57:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"443-1\");\n script_cve_id(\"CVE-2007-1562\");\n script_name( \"Ubuntu Update for firefox vulnerability USN-443-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1562"], "lastseen": "2017-07-25T10:56:38", "pluginID": "840107"}, "differentElements": ["references", "modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:14:03", "bulletin": {"hash": "4ddb32cf53167e36314ad1ba5a204b0795894b2fe28964e1bb75b6f036381d46", "viewCount": 0, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["443-1", "https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000511.html"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-443-1", "hashmap": [{"key": "cvelist", "hash": "d86c71f663105caf8504b9f7168fbdd6"}, {"key": "pluginID", "hash": "87700879349291558f1fe0b80bceab38"}, {"key": "references", "hash": "4406b3c00f046453524955ee3e0e1f4f"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "href", "hash": "d7d3da1f524e71481a999a223aab99e9"}, {"key": "modified", "hash": "73ba5c1fca79aa1e0d79d6e773721045"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "title", "hash": "5bed881ba73770267b1fce6273299d23"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "published", "hash": "77f2259c22dd85776748ef0030d5eb3c"}, {"key": "sourceData", "hash": "5e73ca90d75b5294ed2aab506a0a7aab"}, {"key": "description", "hash": "d5601fb8e5d2f371f7ff8f8de28fe3d9"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2016-12-30T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=840107", "published": "2009-03-23T00:00:00", "enchantments": {}, "id": "OPENVAS:840107", "title": "Ubuntu Update for firefox vulnerability USN-443-1", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox vulnerability USN-443-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in how Firefox handled PASV FTP responses. If a\n user were tricked into visiting a malicious FTP server, a remote\n attacker could perform a port-scan of machines within the user's\n network, leading to private information disclosure.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-443-1\";\ntag_affected = \"firefox vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000511.html\");\n script_id(840107);\n script_version(\"$Revision: 4892 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-30 16:39:07 +0100 (Fri, 30 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"443-1\");\n script_cve_id(\"CVE-2007-1562\");\n script_name( \"Ubuntu Update for firefox vulnerability USN-443-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:canonical:ubuntu_linux\", \"ssh/login/release\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1562"], "lastseen": "2017-07-02T21:14:03", "pluginID": "840107"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1562"], "lastseen": "2017-12-04T11:28:47", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_443_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerability USN-443-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in how Firefox handled PASV FTP responses. If a\n user were tricked into visiting a malicious FTP server, a remote\n attacker could perform a port-scan of machines within the user's\n network, leading to private information disclosure.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-443-1\";\ntag_affected = \"firefox vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-443-1/\");\n script_id(840107);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"443-1\");\n script_cve_id(\"CVE-2007-1562\");\n script_name( \"Ubuntu Update for firefox vulnerability USN-443-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "840107"}

{"cve": [{"lastseen": "2019-10-10T12:37:51", "bulletinFamily": "NVD", "description": "The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.", "modified": "2019-10-09T22:52:00", "id": "CVE-2007-1562", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1562", "published": "2007-03-21T19:19:00", "title": "CVE-2007-1562", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-12-13T09:57:09", "bulletinFamily": "scanner", "description": "A flaw was discovered in how Firefox handled PASV FTP responses. If a\nuser were tricked into visiting a malicious FTP server, a remote\nattacker could perform a port-scan of machines within the user", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-443-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28040", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerability (USN-443-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-443-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28040);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-1562\");\n script_bugtraq_id(23082);\n script_xref(name:\"USN\", value:\"443-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerability (USN-443-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in how Firefox handled PASV FTP responses. If a\nuser were tricked into visiting a malicious FTP server, a remote\nattacker could perform a port-scan of machines within the user's\nnetwork, leading to private information disclosure.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/443-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.3+0dfsg-0ubuntu0.6.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:06:13", "bulletinFamily": "scanner", "description": "The FTP client support in the installed version of Firefox has a flaw\nthat could allow a remote attacker with control of an FTP server to\nperform a rudimentary port scan of, for example, the user", "modified": "2019-12-02T00:00:00", "id": "MOZILLA_FIREFOX_15011.NASL", "href": "https://www.tenable.com/plugins/nessus/24875", "published": "2007-03-23T00:00:00", "title": "Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24875);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2007-1562\");\n script_bugtraq_id(23082);\n\n script_name(english:\"Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that can be manipulated\nremotely for network abuse.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The FTP client support in the installed version of Firefox has a flaw\nthat could allow a remote attacker with control of an FTP server to\nperform a rudimentary port scan of, for example, the user's internal\nnetwork.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://bindshell.net/papers/ftppasv\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2007-11/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 1.5.0.11 / 2.0.0.3 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/03/20\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"misc_func.inc\");\n\nver = read_version_in_kb(\"Mozilla/Firefox/Version\");\nif (isnull(ver)) exit(0);\n\nif (\n ver[0] < 1 ||\n (\n ver[0] == 1 &&\n (\n ver[1] < 5 ||\n (ver[1] == 5 && ver[2] == 0 && ver[3] < 11)\n ) \n ) ||\n (ver[0] == 2 && ver[1] == 0 && ver[2] == 0 && ver[3] < 3)\n) security_warning(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:40:53", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause SeaMonkey to crash or potentially execute arbitrary\ncode as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way SeaMonkey handled certain FTP PASV\ncommands. A malicious FTP server could use this flaw to perform a\nrudimentary port-scan of machines behind a user", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2007-0402.NASL", "href": "https://www.tenable.com/plugins/nessus/37778", "published": "2009-04-23T00:00:00", "title": "CentOS 3 / 4 : seamonkey (CESA-2007:0402)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0402 and \n# CentOS Errata and Security Advisory 2007:0402 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37778);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1558\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_bugtraq_id(23082, 23257, 24242);\n script_xref(name:\"RHSA\", value:\"2007:0402\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2007:0402)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause SeaMonkey to crash or potentially execute arbitrary\ncode as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way SeaMonkey handled certain FTP PASV\ncommands. A malicious FTP server could use this flaw to perform a\nrudimentary port-scan of machines behind a user's firewall.\n(CVE-2007-1562)\n\nSeveral denial of service flaws were found in the way SeaMonkey\nhandled certain form and cookie data. A malicious website that is able\nto set arbitrary form and cookie data could prevent SeaMonkey from\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\n\nA flaw was found in the way SeaMonkey processed certain APOP\nauthentication requests. By sending certain responses when SeaMonkey\nattempted to authenticate against an APOP server, a remote attacker\ncould potentially acquire certain portions of a user's authentication\ncredentials. (CVE-2007-1558)\n\nA flaw was found in the way SeaMonkey handled the addEventListener\nJavaScript method. A malicious website could use this method to access\nor modify sensitive data from another website. (CVE-2007-2870)\n\nA flaw was found in the way SeaMonkey displayed certain web content. A\nmalicious web page could generate content that would overlay user\ninterface elements such as the hostname and security indicators,\ntricking users into thinking they are visiting a different site.\n(CVE-2007-2871)\n\nUsers of SeaMonkey are advised to upgrade to these erratum packages,\nwhich contain SeaMonkey version 1.0.9 that corrects these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40a515a1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013853.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40f1d3cf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43730f6a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5deec783\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013847.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30292b8d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013848.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfe36d90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.1.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.1.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-devel-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-1.0.9-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-devel-1.0.9-2.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:40:50", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0402 :\n\nUpdated SeaMonkey packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause SeaMonkey to crash or potentially execute arbitrary\ncode as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way SeaMonkey handled certain FTP PASV\ncommands. A malicious FTP server could use this flaw to perform a\nrudimentary port-scan of machines behind a user", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2007-0402.NASL", "href": "https://www.tenable.com/plugins/nessus/67511", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0402 and \n# Oracle Linux Security Advisory ELSA-2007-0402 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67511);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1558\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_bugtraq_id(23082, 23257, 24242);\n script_xref(name:\"RHSA\", value:\"2007:0402\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0402 :\n\nUpdated SeaMonkey packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause SeaMonkey to crash or potentially execute arbitrary\ncode as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way SeaMonkey handled certain FTP PASV\ncommands. A malicious FTP server could use this flaw to perform a\nrudimentary port-scan of machines behind a user's firewall.\n(CVE-2007-1562)\n\nSeveral denial of service flaws were found in the way SeaMonkey\nhandled certain form and cookie data. A malicious website that is able\nto set arbitrary form and cookie data could prevent SeaMonkey from\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\n\nA flaw was found in the way SeaMonkey processed certain APOP\nauthentication requests. By sending certain responses when SeaMonkey\nattempted to authenticate against an APOP server, a remote attacker\ncould potentially acquire certain portions of a user's authentication\ncredentials. (CVE-2007-1558)\n\nA flaw was found in the way SeaMonkey handled the addEventListener\nJavaScript method. A malicious website could use this method to access\nor modify sensitive data from another website. (CVE-2007-2870)\n\nA flaw was found in the way SeaMonkey displayed certain web content. A\nmalicious web page could generate content that would overlay user\ninterface elements such as the hostname and security indicators,\ntricking users into thinking they are visiting a different site.\n(CVE-2007-2871)\n\nUsers of SeaMonkey are advised to upgrade to these erratum packages,\nwhich contain SeaMonkey version 1.0.9 that corrects these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-May/000165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-May/000166.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.1.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.1.el3.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-2.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-2.el4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:03:00", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 7.\n\nUsers of epiphany are advised to upgrade to these erratum packages\nwhich have been rebuilt against a patched firefox which is not\nvulnerable to these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2007-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/62269", "published": "2012-09-24T00:00:00", "title": "Fedora 7 : epiphany-2.18.1-3.fc7 (2007-0008)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0008.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62269);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/08/02 13:32:25\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_xref(name:\"FEDORA\", value:\"2007-0008\");\n\n script_name(english:\"Fedora 7 : epiphany-2.18.1-3.fc7 (2007-0008)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 7.\n\nUsers of epiphany are advised to upgrade to these erratum packages\nwhich have been rebuilt against a patched firefox which is not\nvulnerable to these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=241840\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001783.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8995b32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected epiphany, epiphany-debuginfo and / or\nepiphany-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-2.18.1-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-debuginfo-2.18.1-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-devel-2.18.1-3.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"epiphany / epiphany-debuginfo / epiphany-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:03:00", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 7.\n\nUsers of yelp are advised to upgrade to these erratum packages which\ncontain a version of yelp built against a firefox version not\nvulnerable to these flaws.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2007-0009.NASL", "href": "https://www.tenable.com/plugins/nessus/62270", "published": "2012-09-24T00:00:00", "title": "Fedora 7 : yelp-2.18.1-4.fc7 (2007-0009)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0009.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62270);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/08/02 13:32:25\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_xref(name:\"FEDORA\", value:\"2007-0009\");\n\n script_name(english:\"Fedora 7 : yelp-2.18.1-4.fc7 (2007-0009)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 7.\n\nUsers of yelp are advised to upgrade to these erratum packages which\ncontain a version of yelp built against a firefox version not\nvulnerable to these flaws.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=241840\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001782.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80047899\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected yelp and / or yelp-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"yelp-2.18.1-4.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"yelp-debuginfo-2.18.1-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"yelp / yelp-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:52:42", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2007-0400.NASL", "href": "https://www.tenable.com/plugins/nessus/25365", "published": "2007-06-01T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2007:0400)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0400. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25365);\n script_version (\"1.26\");\n script_cvs_date(\"Date: 2019/10/25 13:36:12\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_bugtraq_id(23082, 24242);\n script_xref(name:\"RHSA\", value:\"2007:0400\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2007:0400)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user's firewall. (CVE-2007-1562)\n\nSeveral denial of service flaws were found in the way Firefox handled\ncertain form and cookie data. A malicious website that is able to set\narbitrary form and cookie data could prevent Firefox from functioning\nproperly. (CVE-2007-1362, CVE-2007-2869)\n\nA flaw was found in the way Firefox handled the addEventListener\nJavaScript method. A malicious website could use this method to access\nor modify sensitive data from another website. (CVE-2007-2870)\n\nA flaw was found in the way Firefox displayed certain web content. A\nmalicious web page could generate content that would overlay user\ninterface elements such as the hostname and security indicators,\ntricking users into thinking they are visiting a different site.\n(CVE-2007-2871)\n\nUsers of Firefox are advised to upgrade to these erratum packages,\nwhich contain Firefox version 1.5.0.12 that corrects these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0400\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0400\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-0.12-11.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-devel-0.12-11.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-1.5.0.12-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-devel-1.5.0.12-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"yelp-2.16.0-15.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"yelp-2.16.0-15.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"yelp-2.16.0-15.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / firefox-devel / yelp\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:12:55", "bulletinFamily": "scanner", "description": "Several flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user", "modified": "2019-12-02T00:00:00", "id": "SL_20070530_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60192", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60192);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user's firewall. (CVE-2007-1562)\n\nSeveral denial of service flaws were found in the way Firefox handled\ncertain form and cookie data. A malicious website that is able to set\narbitrary form and cookie data could prevent Firefox from functioning\nproperly. (CVE-2007-1362, CVE-2007-2869)\n\nA flaw was found in the way Firefox handled the addEventListener\nJavaScript method. A malicious website could use this method to access\nor modify sensitive data from another website. (CVE-2007-2870)\n\nA flaw was found in the way Firefox displayed certain web content. A\nmalicious web page could generate content that would overlay user\ninterface elements such as the hostname and security indicators,\ntricking users into thinking they are visiting a different site.\n(CVE-2007-2871)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=710\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2378ece\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected devhelp, firefox and / or yelp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"firefox-1.5.0.12-0.1.SL3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"firefox-1.5.0.12-0.1.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"devhelp-0.12-11.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-1.5.0.12-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"yelp-2.16.0-15.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:21:40", "bulletinFamily": "scanner", "description": "This update brings Mozilla Firefox to security update version 2.0.0.4\n\nThis is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux\n10.0 and 10.1.\n\n - MFSA 2007-17 / CVE-2007-2871 :\n\n Chris Thomas demonstrated that XUL popups opened by web\n content could be placed outside the boundaries of the\n content area. This could be used to spoof or hide parts\n of the browser chrome UI such as the location bar.\n\n - MFSA 2007-16 / CVE-2007-2870 :\n\n Mozilla contributor moz_bug_r_a4 demonstrated that the\n addEventListener method could be used to inject script\n into another site in violation of the browser", "modified": "2019-12-02T00:00:00", "id": "SUSE_MOZILLAFIREFOX-3547.NASL", "href": "https://www.tenable.com/plugins/nessus/27121", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3547)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3547.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27121);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:29\");\n\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n\n script_name(english:\"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3547)\");\n script_summary(english:\"Check for the MozillaFirefox-3547 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to security update version 2.0.0.4\n\nThis is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux\n10.0 and 10.1.\n\n - MFSA 2007-17 / CVE-2007-2871 :\n\n Chris Thomas demonstrated that XUL popups opened by web\n content could be placed outside the boundaries of the\n content area. This could be used to spoof or hide parts\n of the browser chrome UI such as the location bar.\n\n - MFSA 2007-16 / CVE-2007-2870 :\n\n Mozilla contributor moz_bug_r_a4 demonstrated that the\n addEventListener method could be used to inject script\n into another site in violation of the browser's\n same-origin policy. This could be used to access or\n modify private or valuable information from that other\n site.\n\n - MFSA 2007-14 / CVE-2007-1362 :\n\n Nicolas Derouet reported two problems with cookie\n handling in Mozilla clients. Insufficient length checks\n could be use to exhaust browser memory and so to crash\n the browser or at least slow it done by a large degree.\n\n The second issue was that the cookie path and name\n values were not checked for the presence of the\n delimiter used for internal cookie storage, and if\n present this confused future interpretation of the\n cookie data. This is not considered to be exploitable.\n\n - MFSA 2007-13 / CVE-2007-2869 :\n\n Marcel reported that a malicious web page could perform\n a denial of service attack against the form autocomplete\n feature that would persist from session to session until\n the malicious form data was deleted. Filling a text\n field with millions of characters and submitting the\n form will cause the victim's browser to hang for up to\n several minutes while the form data is read, and this\n will happen the first time autocomplete is triggered\n after every browser restart. \n\n No harm is done to the user's computer, but the\n frustration caused by the hang could prevent use of\n Firefox if users don't know how to clear the bad state.\n\n - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868\n\n As part of the Firefox 2.0.0.4 and 1.5.0.12 update\n releases Mozilla developers fixed many bugs to improve\n the stability of the product. Some of these crashes that\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. \n\n Without further investigation we cannot rule out the\n possibility that for some of these an attacker might be\n able to prepare memory for exploitation through some\n means other than JavaScript, such as large images.\n\n - MFSA 2007-11 / CVE-2007-1562 :\n\n Incorrect FTP PASV handling could be used by malicious\n ftp servers to do a rudimentary port scanning of for\n instance internal networks of the computer the browser\n is running on.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-2.0.0.4-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-translations-2.0.0.4-1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:03:03", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 5.\n\nThis update has been rated as having critical security impact by the\nFedora Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2007-554.NASL", "href": "https://www.tenable.com/plugins/nessus/25379", "published": "2007-06-04T00:00:00", "title": "Fedora Core 5 : firefox-1.5.0.12-1.fc5 (2007-554)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-554.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25379);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:26\");\n\n script_xref(name:\"FEDORA\", value:\"2007-554\");\n\n script_name(english:\"Fedora Core 5 : firefox-1.5.0.12-1.fc5 (2007-554)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Fedora Core 5.\n\nThis update has been rated as having critical security impact by the\nFedora Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed JavaScript code. A web page containing malicious JavaScript\ncode could cause Firefox to crash or potentially execute arbitrary\ncode as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)\n\nA flaw was found in the way Firefox handled certain FTP PASV commands.\nA malicious FTP server could use this flaw to perform a rudimentary\nport-scan of machines behind a user's firewall. (CVE-2007-1562)\n\nSeveral denial of service flaws were found in the way Firefox handled\ncertain form and cookie data. A malicious website that is able to set\narbitrary form and cookie data could prevent Firefox from functioning\nproperly. (CVE-2007-1362, CVE-2007-2869)\n\nA flaw was found in the way Firefox handled the addEventListener\nJavaScript method. A malicious website could use this method to access\nor modify sensitive data from another website. (CVE-2007-2870)\n\nA flaw was found in the way Firefox displayed certain web content. A\nmalicious web page could generate content that would overlay user\ninterface elements such as the hostname and security indicators,\ntricking users into thinking they are visiting a different site.\n(CVE-2007-2871)\n\nUsers of Firefox are advised to upgrade to these erratum packages,\nwhich contain Firefox version 1.5.0.12 that corrects these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001770.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c788a34e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"firefox-1.5.0.12-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"firefox-debuginfo-1.5.0.12-1.fc5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T11:05:46", "bulletinFamily": "exploit", "description": "Mozilla FireFox 1.5.x/2.0 FTP PASV Port-Scanning Vulnerability. CVE-2007-1562. Remote exploit for linux platform", "modified": "2007-03-21T00:00:00", "published": "2007-03-21T00:00:00", "id": "EDB-ID:29768", "href": "https://www.exploit-db.com/exploits/29768/", "type": "exploitdb", "title": "Mozilla FireFox 1.5.x/2.0 - FTP PASV Port-Scanning Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/23082/info\r\n\r\nMozilla Firefox is prone to vulnerability that may allow attackers to obtain potentially sensitive information.\r\n\r\nA successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29768.zip", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29768/"}], "ubuntu": [{"lastseen": "2019-05-29T17:21:32", "bulletinFamily": "unix", "description": "A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user\u2019s network, leading to private information disclosure.", "modified": "2007-03-27T00:00:00", "published": "2007-03-27T00:00:00", "id": "USN-443-1", "href": "https://usn.ubuntu.com/443-1/", "title": "Firefox vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Passive FTP implementation in multiple client allows to use FTP bounce attack for port scanning.", "modified": "2009-01-05T00:00:00", "published": "2009-01-05T00:00:00", "id": "SECURITYVULNS:VULN:7348", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7348", "title": "Multiple FTP clients FTP bounce attack", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "description": "Multiple DoS conditions, addEventListener method crossite scripting. Multiple heap oberflows, integer overflows, etc.", "modified": "2007-06-05T00:00:00", "published": "2007-06-05T00:00:00", "id": "SECURITYVULNS:VULN:7761", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7761", "title": "Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:20:33", "bulletinFamily": "unix", "description": "Various Mozilla family browsers have been updated to their current security release versions.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2007-06-27T15:10:40", "published": "2007-06-27T15:10:40", "id": "SUSE-SA:2007:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00007.html", "type": "suse", "title": "remote code execution in mozilla,MozillaFirefox,MozillaThunderbird", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-26T08:55:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-hu\n mozilla-irc\n mozilla-calendar\n mozilla-dom-inspector\n mozilla\n mozilla-venkman\n mozilla-mail\n mozilla-deat\n mozilla-devel\n mozilla-cs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016317 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65037", "id": "OPENVAS:65037", "title": "SLES9: Security update for Mozilla suite", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016317.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla suite\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-hu\n mozilla-irc\n mozilla-calendar\n mozilla-dom-inspector\n mozilla\n mozilla-venkman\n mozilla-mail\n mozilla-deat\n mozilla-devel\n mozilla-cs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016317 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65037);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2871\", \"CVE-2007-2870\", \"CVE-2007-1558\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla suite\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:13", "bulletinFamily": "scanner", "description": "Check for the Version of devhelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861375", "id": "OPENVAS:861375", "title": "Fedora Update for devhelp FEDORA-2007-0001", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2007-0001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora 7\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00080.html\");\n script_id(861375);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0001\");\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for devhelp FEDORA-2007-0001\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.13~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2007-0400", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122700", "title": "Oracle Linux Local Check: ELSA-2007-0400", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0400.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122700\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:51:26 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0400\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0400 - Critical: firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0400\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0400.html\");\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.12~11.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.12~11.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~1.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~1.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.16.0~15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:04", "bulletinFamily": "scanner", "description": "Check for the Version of devhelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861205", "id": "OPENVAS:861205", "title": "Fedora Update for devhelp FEDORA-2007-552", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2007-552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora Core 5\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00067.html\");\n script_id(861205);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-552\");\n script_cve_id(\"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-1558\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for devhelp FEDORA-2007-552\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/devhelp\", rpm:\"x86_64/devhelp~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/devhelp-devel\", rpm:\"x86_64/devhelp-devel~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/devhelp-debuginfo\", rpm:\"x86_64/debug/devhelp-debuginfo~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/devhelp\", rpm:\"i386/devhelp~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/devhelp-devel\", rpm:\"i386/devhelp-devel~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/devhelp-debuginfo\", rpm:\"i386/debug/devhelp-debuginfo~0.11~7.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:27", "bulletinFamily": "scanner", "description": "Check for the Version of devhelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861268", "id": "OPENVAS:861268", "title": "Fedora Update for devhelp FEDORA-2007-549", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2007-549\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora Core 6\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00062.html\");\n script_id(861268);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-549\");\n script_cve_id(\"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for devhelp FEDORA-2007-549\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/devhelp-devel\", rpm:\"x86_64/devhelp-devel~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/devhelp\", rpm:\"x86_64/devhelp~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/devhelp-debuginfo\", rpm:\"x86_64/debug/devhelp-debuginfo~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/devhelp-devel\", rpm:\"i386/devhelp-devel~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/devhelp-debuginfo\", rpm:\"i386/debug/devhelp-debuginfo~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/devhelp\", rpm:\"i386/devhelp~0.12~11.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:09", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-hu\n mozilla-irc\n mozilla-calendar\n mozilla-dom-inspector\n mozilla\n mozilla-venkman\n mozilla-mail\n mozilla-deat\n mozilla-devel\n mozilla-cs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016317 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065037", "id": "OPENVAS:136141256231065037", "type": "openvas", "title": "SLES9: Security update for Mozilla suite", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016317.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla suite\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-hu\n mozilla-irc\n mozilla-calendar\n mozilla-dom-inspector\n mozilla\n mozilla-venkman\n mozilla-mail\n mozilla-deat\n mozilla-devel\n mozilla-cs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016317 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65037\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2871\", \"CVE-2007-2870\", \"CVE-2007-1558\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla suite\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:14", "bulletinFamily": "scanner", "description": "Check for the Version of yelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861004", "id": "OPENVAS:861004", "title": "Fedora Update for yelp FEDORA-2007-552", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2007-552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora Core 5\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00068.html\");\n script_id(861004);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-552\");\n script_cve_id(\"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-1558\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for yelp FEDORA-2007-552\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.14.3~5.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/yelp-debuginfo\", rpm:\"x86_64/debug/yelp-debuginfo~2.14.3~5.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/yelp\", rpm:\"x86_64/yelp~2.14.3~5.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/yelp\", rpm:\"i386/yelp~2.14.3~5.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/yelp-debuginfo\", rpm:\"i386/debug/yelp-debuginfo~2.14.3~5.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "description": "Check for the Version of yelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861555", "id": "OPENVAS:861555", "title": "Fedora Update for yelp FEDORA-2007-0001", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2007-0001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 7\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00082.html\");\n script_id(861555);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0001\");\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for yelp FEDORA-2007-0001\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp-debuginfo\", rpm:\"yelp-debuginfo~2.18.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp-debuginfo\", rpm:\"yelp-debuginfo~2.18.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:03", "bulletinFamily": "scanner", "description": "Check for the Version of mozilla,MozillaFirefox,MozillaThunderbird", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850053", "id": "OPENVAS:850053", "title": "SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_036.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various Mozilla family browsers have been updated to their current\n security release versions.\n\n The Mozilla Seamonkey suite was brought to security update version\n 1.0.9.\n\n The Mozilla Firefox browser was brought to security update version\n 1.5.0.12 on Novell Linux Desktop 9 and 2.0.0.4 on SUSE Linux Enterprise\n 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2.\n\n The Mozilla Thunderbird mailreader was brought to security update\n version 1.5.0.12 on SUSE Linux 10.0, 10.1 and openSUSE 10.2.\n\n Note that most of the packages were released some weeks ago already,\n only MozillaFirefox for SLE10 Service Pack 1 was missing and released\n today.\n\n The following security issues have been fixed:\n - CVE-2007-2871:\n\n Chris Thomas demonstrated that XUL popups opened by web content\n could be placed outside the boundaries of the content area. This\n could be used to spoof or hide parts of the browser chrome such as\n the location bar.\n\n - CVE-2007-2870:\n\n Mozilla contributor moz_bug_r_a4 demonstrated that the\n addEventListener method could be used to inject script into another\n site in violation of the browser's same-origin policy. This could\n be used to access or modify private or valuable information from\n that other site.\n\n - CVE-2007-1558:\n\n Ga\u00ebtan Leurent informed us of a weakness in APOP authentication\n that could allow an attacker to recover the first part of your mail\n password if the attacker could interpose a malicious mail server on\n your network masquerading as your legitimate mail server. With normal\n settings it could take several hours for the attacker to gather\n enough data to recover just a few characters of the password. This\n result was presented at the Fast Software Encryption 2007 conference.\n\n - CVE-2007-1362:\n\n Nicolas Derouet reported two problems with cookie handling in\n Mozilla clients. Insufficient length checks could be use to exhaust\n browser memory and so to crash the browser or at least slow it done\n by a large degree.\n\n The second issue was that the cookie path and name values were not\n checked for the presence of the delimiter used for internal cookie\n storage, and if present this confused future interpretation of the\n cookie data. This is not considered to be exploitable.\n\n - CVE-2007-2869:\n\n Marcel repor ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"mozilla,MozillaFirefox,MozillaThunderbird on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850053);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-036\");\n script_cve_id(\"CVE-2007-1362\", \"CVE-2007-1558\", \"CVE-2007-1562\", \"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036\");\n\n script_summary(\"Check for the Version of mozilla,MozillaFirefox,MozillaThunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.4~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.4~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~1.5.0.12~3.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~1.5.0.12~3.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-spellchecker\", rpm:\"seamonkey-spellchecker~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~1.1.2~1.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESSr8\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-calendar\", rpm:\"mozilla-calendar~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-devel\", rpm:\"mozilla-devel~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-spellchecker\", rpm:\"mozilla-spellchecker~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xmlterm\", rpm:\"mozilla-xmlterm~1.8_seamonkey_1.0.9~0.3\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-cs\", rpm:\"mozilla-cs~1.8_seamonkey_1.0.4~0.5\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-deat\", rpm:\"mozilla-deat~1.8_seamonkey_1.0.4~0.5\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-devel\", rpm:\"mozilla-devel~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-lib64\", rpm:\"mozilla-lib64~1.6~0.9\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-calendar\", rpm:\"mozilla-calendar~1.8_seamonkey_1.0.9~1.2\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-cs\", rpm:\"mozilla-cs~1.8_seamonkey_1.0.4~0.5\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-deat\", rpm:\"mozilla-deat~1.8_seamonkey_1.0.4~0.5\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-devel\", rpm:\"mozilla-devel~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-lib64\", rpm:\"mozilla-lib64~1.6~0.9\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-calendar\", rpm:\"mozilla-calendar~1.8_seamonkey_1.0.9~1.2\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-cs\", rpm:\"mozilla-cs~1.8_seamonkey_1.0.4~0.5\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-deat\", rpm:\"mozilla-deat~1.8_seamonkey_1.0.4~0.5\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-devel\", rpm:\"mozilla-devel~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-lib64\", rpm:\"mozilla-lib64~1.6~0.9\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-calendar\", rpm:\"mozilla-calendar~1.8_seamonkey_1.0.9~1.2\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.4~1.5\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.4~1.5\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-cs\", rpm:\"mozilla-cs~1.8_seamonkey_1.0.4~0.5\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-deat\", rpm:\"mozilla-deat~1.8_seamonkey_1.0.4~0.5\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-devel\", rpm:\"mozilla-devel~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-hu\", rpm:\"mozilla-hu~1.80_seamonkey_1.0.4~3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-lib64\", rpm:\"mozilla-lib64~1.6~0.9\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-calendar\", rpm:\"mozilla-calendar~1.8_seamonkey_1.0.9~1.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~1.2.10~0.6\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~0.8.2~2.7\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~1.5.0.12~0.1\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~1.5.0.12~0.1\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.4~1.5\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.4~1.5\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~1.5.0.12~2.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~1.5.0.12~2.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-calendar\", rpm:\"seamonkey-calendar~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-spellchecker\", rpm:\"seamonkey-spellchecker~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~1.0.9~1.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:13", "bulletinFamily": "scanner", "description": "Check for the Version of yelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861448", "id": "OPENVAS:861448", "title": "Fedora Update for yelp FEDORA-2007-549", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2007-549\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora Core 6\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00063.html\");\n script_id(861448);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-549\");\n script_cve_id(\"CVE-2007-2867\", \"CVE-2007-2868\", \"CVE-2007-1562\", \"CVE-2007-1362\", \"CVE-2007-2869\", \"CVE-2007-2870\", \"CVE-2007-2871\");\n script_name( \"Fedora Update for yelp FEDORA-2007-549\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.16.0~13.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/yelp-debuginfo\", rpm:\"x86_64/debug/yelp-debuginfo~2.16.0~13.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/yelp\", rpm:\"x86_64/yelp~2.16.0~13.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/yelp-debuginfo\", rpm:\"i386/debug/yelp-debuginfo~2.16.0~13.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/yelp\", rpm:\"i386/yelp~2.16.0~13.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:57", "bulletinFamily": "unix", "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nJavaScript code. A web page containing malicious JavaScript code could\r\ncause SeaMonkey to crash or potentially execute arbitrary code as\r\nthe user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\r\n\r\nA flaw was found in the way SeaMonkey handled certain FTP PASV commands. A\r\nmalicious FTP server could use this flaw to perform a rudimentary port-scan\r\nof machines behind a user's firewall. (CVE-2007-1562)\r\n\r\nSeveral denial of service flaws were found in the way SeaMonkey handled\r\ncertain form and cookie data. A malicious web site that is able to set\r\narbitrary form and cookie data could prevent SeaMonkey from\r\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\r\n\r\nA flaw was found in the way SeaMonkey processed certain APOP authentication\r\nrequests. By sending certain responses when SeaMonkey attempted to\r\nauthenticate against an APOP server, a remote attacker could potentially\r\nacquire certain portions of a user's authentication credentials.\r\n(CVE-2007-1558)\r\n\r\nA flaw was found in the way SeaMonkey handled the addEventListener\r\nJavaScript method. A malicious web site could use this method to access or\r\nmodify sensitive data from another web site. (CVE-2007-2870)\r\n\r\nA flaw was found in the way SeaMonkey displayed certain web content. A\r\nmalicious web page could generate content that would overlay user\r\ninterface elements such as the hostname and security indicators, tricking \r\nusers into thinking they are visiting a different site. (CVE-2007-2871) \r\n\r\nUsers of SeaMonkey are advised to upgrade to these erratum packages, which\r\ncontain SeaMonkey version 1.0.9 that corrects these issues.", "modified": "2019-03-22T23:42:30", "published": "2007-05-30T04:00:00", "id": "RHSA-2007:0402", "href": "https://access.redhat.com/errata/RHSA-2007:0402", "type": "redhat", "title": "(RHSA-2007:0402) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed\r\nJavaScript code. A web page containing malicious JavaScript code could\r\ncause Firefox to crash or potentially execute arbitrary code as the user\r\nrunning Firefox. (CVE-2007-2867, CVE-2007-2868)\r\n\r\nA flaw was found in the way Firefox handled certain FTP PASV commands. A\r\nmalicious FTP server could use this flaw to perform a rudimentary\r\nport-scan of machines behind a user's firewall. (CVE-2007-1562)\r\n\r\nSeveral denial of service flaws were found in the way Firefox handled\r\ncertain form and cookie data. A malicious web site that is able to set\r\narbitrary form and cookie data could prevent Firefox from\r\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\r\n\r\nA flaw was found in the way Firefox handled the addEventListener\r\nJavaScript method. A malicious web site could use this method to access or\r\nmodify sensitive data from another web site. (CVE-2007-2870)\r\n\r\nA flaw was found in the way Firefox displayed certain web content. A\r\nmalicious web page could generate content that would overlay user\r\ninterface elements such as the hostname and security indicators, tricking \r\nusers into thinking they are visiting a different site. (CVE-2007-2871)\r\n\r\nUsers of Firefox are advised to upgrade to these erratum packages, which\r\ncontain Firefox version 1.5.0.12 that corrects these issues.", "modified": "2017-09-08T11:55:06", "published": "2007-05-30T04:00:00", "id": "RHSA-2007:0400", "href": "https://access.redhat.com/errata/RHSA-2007:0400", "type": "redhat", "title": "(RHSA-2007:0400) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0402\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nJavaScript code. A web page containing malicious JavaScript code could\r\ncause SeaMonkey to crash or potentially execute arbitrary code as\r\nthe user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\r\n\r\nA flaw was found in the way SeaMonkey handled certain FTP PASV commands. A\r\nmalicious FTP server could use this flaw to perform a rudimentary port-scan\r\nof machines behind a user's firewall. (CVE-2007-1562)\r\n\r\nSeveral denial of service flaws were found in the way SeaMonkey handled\r\ncertain form and cookie data. A malicious web site that is able to set\r\narbitrary form and cookie data could prevent SeaMonkey from\r\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\r\n\r\nA flaw was found in the way SeaMonkey processed certain APOP authentication\r\nrequests. By sending certain responses when SeaMonkey attempted to\r\nauthenticate against an APOP server, a remote attacker could potentially\r\nacquire certain portions of a user's authentication credentials.\r\n(CVE-2007-1558)\r\n\r\nA flaw was found in the way SeaMonkey handled the addEventListener\r\nJavaScript method. A malicious web site could use this method to access or\r\nmodify sensitive data from another web site. (CVE-2007-2870)\r\n\r\nA flaw was found in the way SeaMonkey displayed certain web content. A\r\nmalicious web page could generate content that would overlay user\r\ninterface elements such as the hostname and security indicators, tricking \r\nusers into thinking they are visiting a different site. (CVE-2007-2871) \r\n\r\nUsers of SeaMonkey are advised to upgrade to these erratum packages, which\r\ncontain SeaMonkey version 1.0.9 that corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013852.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013853.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013856.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013858.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013845.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013846.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013847.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013848.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0402.html", "modified": "2007-06-02T10:28:51", "published": "2007-05-31T21:23:00", "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/013845.html", "id": "CESA-2007:0402", "title": "devhelp, seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0402-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nJavaScript code. A web page containing malicious JavaScript code could\r\ncause SeaMonkey to crash or potentially execute arbitrary code as\r\nthe user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)\r\n\r\nA flaw was found in the way SeaMonkey handled certain FTP PASV commands. A\r\nmalicious FTP server could use this flaw to perform a rudimentary port-scan\r\nof machines behind a user's firewall. (CVE-2007-1562)\r\n\r\nSeveral denial of service flaws were found in the way SeaMonkey handled\r\ncertain form and cookie data. A malicious web site that is able to set\r\narbitrary form and cookie data could prevent SeaMonkey from\r\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\r\n\r\nA flaw was found in the way SeaMonkey processed certain APOP authentication\r\nrequests. By sending certain responses when SeaMonkey attempted to\r\nauthenticate against an APOP server, a remote attacker could potentially\r\nacquire certain portions of a user's authentication credentials.\r\n(CVE-2007-1558)\r\n\r\nA flaw was found in the way SeaMonkey handled the addEventListener\r\nJavaScript method. A malicious web site could use this method to access or\r\nmodify sensitive data from another web site. (CVE-2007-2870)\r\n\r\nA flaw was found in the way SeaMonkey displayed certain web content. A\r\nmalicious web page could generate content that would overlay user\r\ninterface elements such as the hostname and security indicators, tricking \r\nusers into thinking they are visiting a different site. (CVE-2007-2871) \r\n\r\nUsers of SeaMonkey are advised to upgrade to these erratum packages, which\r\ncontain SeaMonkey version 1.0.9 that corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013851.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-05-31T23:03:51", "published": "2007-05-31T23:03:51", "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/013851.html", "id": "CESA-2007:0402-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0400\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed\r\nJavaScript code. A web page containing malicious JavaScript code could\r\ncause Firefox to crash or potentially execute arbitrary code as the user\r\nrunning Firefox. (CVE-2007-2867, CVE-2007-2868)\r\n\r\nA flaw was found in the way Firefox handled certain FTP PASV commands. A\r\nmalicious FTP server could use this flaw to perform a rudimentary\r\nport-scan of machines behind a user's firewall. (CVE-2007-1562)\r\n\r\nSeveral denial of service flaws were found in the way Firefox handled\r\ncertain form and cookie data. A malicious web site that is able to set\r\narbitrary form and cookie data could prevent Firefox from\r\nfunctioning properly. (CVE-2007-1362, CVE-2007-2869)\r\n\r\nA flaw was found in the way Firefox handled the addEventListener\r\nJavaScript method. A malicious web site could use this method to access or\r\nmodify sensitive data from another web site. (CVE-2007-2870)\r\n\r\nA flaw was found in the way Firefox displayed certain web content. A\r\nmalicious web page could generate content that would overlay user\r\ninterface elements such as the hostname and security indicators, tricking \r\nusers into thinking they are visiting a different site. (CVE-2007-2871)\r\n\r\nUsers of Firefox are advised to upgrade to these erratum packages, which\r\ncontain Firefox version 1.5.0.12 that corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013854.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013857.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013859.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013860.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013861.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013862.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013863.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013864.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013841.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013842.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013849.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013850.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nfirefox\nfirefox-devel\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0400.html", "modified": "2007-06-02T10:46:03", "published": "2007-05-31T21:22:44", "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/013841.html", "id": "CESA-2007:0400", "title": "devhelp, firefox, yelp security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "description": " devhelp-0.10-0.8.el4:\n \n [0.10-0.8.el4]\n - Rebuild against newer gecko\n \n \n seamonkey-1.0.9-2.el4.0.1:\n \n [1.0.9-2.el4.0.1]\n - Add mozilla-oracle-default-bookmarks.html, \n mozilla-oracle-default-prefs.js,\n - and mozilla-home-page.patch for errata build\n \n [1.0.9-2.el4]\n - Final bits, plus an s390x build fix\n \n [1.0.9-0.1.el4]\n - Update to 1.0.9 (RC) ", "modified": "2007-05-31T00:00:00", "published": "2007-05-31T00:00:00", "id": "ELSA-2007-0402", "href": "http://linux.oracle.com/errata/ELSA-2007-0402.html", "title": "Critical: seamonkey security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "unix", "description": " [1.5.0.12-0.1.el4.1.0]\n - Add firefox-oracle-default-bookmarks.html and \n firefox-oracle-default-prefs.js for errata rebuild\n \n [1.5.0.12-0.1.el4]\n - Update to 1.5.0.12 ", "modified": "2007-05-31T00:00:00", "published": "2007-05-31T00:00:00", "id": "ELSA-2007-0400", "href": "http://linux.oracle.com/errata/ELSA-2007-0400.html", "title": "Critical: firefox security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}