{"id": "OPENVAS:870472", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for firefox RHSA-2011:1164-01", "description": "Check for the Version of firefox", "published": "2011-08-19T00:00:00", "modified": "2017-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870472", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-August/msg00013.html", "2011:1164-01"], "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "lastseen": "2017-07-27T10:55:06", "viewCount": 0, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2017-07-27T10:55:06", "rev": 2}, "dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-2296-1:1BC31", "DEBIAN:DSA-2295-1:07B34", "DEBIAN:BSA-046:D9C0C", "DEBIAN:DSA-2297-1:5713C"]}, {"type": "ubuntu", "idList": ["USN-1184-1", "USN-1185-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1167", "ELSA-2011-1165", "ELSA-2011-1164", "ELSA-2011-1166"]}, {"type": "centos", "idList": ["CESA-2011:1165", "CESA-2011:1164", "CESA-2011:1167"]}, {"type": "redhat", "idList": ["RHSA-2011:1164", "RHSA-2011:1166", "RHSA-2011:1165"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-1164.NASL", "DEBIAN_DSA-2297.NASL", "DEBIAN_DSA-2296.NASL", "UBUNTU_USN-1185-1.NASL", "REDHAT-RHSA-2011-1164.NASL", "UBUNTU_USN-1184-1.NASL", "SUSE_11_4_MOZILLATHUNDERBIRD-110826.NASL", "DEBIAN_DSA-2295.NASL", "CENTOS_RHSA-2011-1164.NASL", "SL_20110816_FIREFOX_ON_SL4_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880979", "OPENVAS:1361412562310881006", "OPENVAS:136141256231070230", "OPENVAS:1361412562310840727", "OPENVAS:1361412562310122108", "OPENVAS:881413", "OPENVAS:1361412562310881429", "OPENVAS:840727", "OPENVAS:1361412562310881270", "OPENVAS:1361412562310840731"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0935-2", "SUSE-SU-2011:0967-1", "OPENSUSE-SU-2011:0958-1"]}, {"type": "cve", "idList": ["CVE-2011-2983", "CVE-2011-2982", "CVE-2011-2981", "CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2984"]}], "modified": "2017-07-27T10:55:06", "rev": 2}, "vulnersScore": 8.2}, "pluginID": "870472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2011:1164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n \n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n \n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n \n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n \n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n \n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00013.html\");\n script_id(870472);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1164-01\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"RedHat Update for firefox RHSA-2011:1164-01\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.20~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks"}

{"debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2295-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 17, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 \n CVE-2011-2983 CVE-2011-2984 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG \n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation\n vulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-5.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 2, "modified": "2011-08-17T17:54:12", "published": "2011-08-17T17:54:12", "id": "DEBIAN:DSA-2295-1:07B34", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00169.html", "title": "[SECURITY] [DSA 2295-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:16:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2297-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 21, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 \n CVE-2011-2983 CVE-2011-2984 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation vulnerability.\n\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-08-21T19:15:08", "published": "2011-08-21T19:15:08", "id": "DEBIAN:DSA-2297-1:5713C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00171.html", "title": "[SECURITY] [DSA 2297-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Christoph G\u00f6hre uploaded new packages for icedove which fixed the following\nsecurity problems:\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation vulnerability.\n\n\nFor the squeeze-backports distribution, this problem have been fixed in\nversion 3.1.12-1~bpo60+1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.12-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.\n", "edition": 2, "modified": "2011-09-01T07:06:17", "published": "2011-09-01T07:06:17", "id": "DEBIAN:BSA-046:D9C0C", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201109/msg00000.html", "title": "[BSA-046] Security Update for icedove", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:15:59", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2296-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 17, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 \n CVE-2011-2983 CVE-2011-2984 \n\nSeveral vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation vulnerability.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-13 of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-9.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0-1\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 7, "modified": "2011-08-17T19:30:11", "published": "2011-08-17T19:30:11", "id": "DEBIAN:DSA-2296-1:1BC31", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00170.html", "title": "[SECURITY] [DSA 2296-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory \nvulnerabilities in the browser rendering engine. An attacker could use \nthese to possibly execute arbitrary code with the privileges of the user \ninvoking Firefox. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could \npermit JavaScript to be run in the wrong context. This could potentially \nallow a malicious website to run code as another website or with escalated \nprivileges within the browser. (CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a \ndangling pointer vulnerability. An attacker could potentially use this to \ncrash Firefox or execute arbitrary code with the privileges of the user \ninvoking Firefox. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if it \nregistered for drop events and a browser tab element was dropped into the \ncontent area. This could potentially allow a malicious website to run code \nwith escalated privileges within the browser. (CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer \nvulnerability. An attacker could potentially use this to crash Firefox or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when \nRegExp.input was set. This could potentially allow a malicious website \naccess to private data from other domains. (CVE-2011-2983)", "edition": 5, "modified": "2011-08-19T00:00:00", "published": "2011-08-19T00:00:00", "id": "USN-1184-1", "href": "https://ubuntu.com/security/notices/USN-1184-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:32:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory \nvulnerabilities in the Gecko rendering engine. An attacker could use \nthese to possibly execute arbitrary code with the privileges of the user \ninvoking Thunderbird. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could \npermit JavaScript to be run in the wrong context. This could potentially \nallow a malicious website to run code as another website or with escalated \nprivileges in a chrome-privileged context. (CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a \ndangling pointer vulnerability. An attacker could potentially use this to \ncrash Thunderbird or execute arbitrary code with the privileges of the user \ninvoking Thunderbird. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if it \nregistered for drop events and a browser tab element was dropped into the \ncontent area. This could potentially allow a malicious website to run code \nwith escalated privileges within Thunderbird. (CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer \nvulnerability. An attacker could potentially use this to crash Thunderbird \nor execute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when \nRegExp.input was set. This could potentially allow a malicious website \naccess to private data from other domains. (CVE-2011-2983)", "edition": 5, "modified": "2011-08-26T00:00:00", "published": "2011-08-26T00:00:00", "id": "USN-1185-1", "href": "https://ubuntu.com/security/notices/USN-1185-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": " \nfirefox:\r\n \n[3.6.20-2.0.1.el6_1]\r\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\r\n \n[3.6.20-2]\r\n- Update to 3.6.20\r\n \nxulrunner:\r\n \n[1.9.2.20-2.0.1.el6_1]\r\n- Replace xulrunner-redhat-default-prefs.js with\r\n xulrunner-oracle-default-prefs.js\r\n \n[1.9.2.20-2]\r\n- Update to 1.9.2.20", "edition": 4, "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "ELSA-2011-1164", "href": "http://linux.oracle.com/errata/ELSA-2011-1164.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2378", "CVE-2011-0084"], "description": "[3.1.12-1.0.1.el6_1]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.12-1]\n- Update to 3.1.12", "edition": 4, "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "ELSA-2011-1166", "href": "http://linux.oracle.com/errata/ELSA-2011-1166.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2983"], "description": "[1.5.0.12-40.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and\n remove thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-40]\n- Added fixes from 1.9.2.20", "edition": 4, "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "ELSA-2011-1165", "href": "http://linux.oracle.com/errata/ELSA-2011-1165.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-30T13:19:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1164\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n(SVG) text manipulation routine. A web page containing a malicious SVG\nimage could cause Firefox to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A web\npage containing malicious JavaScript could cause Firefox to access already\nfreed memory, causing Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code with\nthe privileges of the user running Firefox if the user dropped a tab onto\nthe malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.20. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.20, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029736.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029737.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029859.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029860.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030092.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030093.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006396.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006397.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006422.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006423.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1164.html", "edition": 11, "modified": "2011-09-22T10:01:30", "published": "2011-08-16T23:27:06", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/029736.html", "id": "CESA-2011:1164", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n(SVG) text manipulation routine. A web page containing a malicious SVG\nimage could cause Firefox to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A web\npage containing malicious JavaScript could cause Firefox to access already\nfreed memory, causing Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code with\nthe privileges of the user running Firefox if the user dropped a tab onto\nthe malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.20. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.20, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:15", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1164", "href": "https://access.redhat.com/errata/RHSA-2011:1164", "type": "redhat", "title": "(RHSA-2011:1164) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2982"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nMalicious HTML content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-2982)\n\nA dangling pointer flaw was found in the Thunderbird Scalable Vector\nGraphics (SVG) text manipulation routine. An HTML mail message containing a\nmalicious SVG image could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Thunderbird handled a certain\nDocument Object Model (DOM) element. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-2378)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:33", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1166", "href": "https://access.redhat.com/errata/RHSA-2011:1166", "type": "redhat", "title": "(RHSA-2011:1166) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2983"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nMalicious HTML content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-2982)\n\nA flaw was found in the way Thunderbird handled malformed JavaScript.\nMalicious content could cause Thunderbird to access already freed memory,\ncausing Thunderbird to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Thunderbird. (CVE-2011-2983)\n\nNote: This update disables support for Scalable Vector Graphics (SVG)\nimages in Thunderbird on Red Hat Enterprise Linux 5.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T12:17:26", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1165", "href": "https://access.redhat.com/errata/RHSA-2011:1165", "type": "redhat", "title": "(RHSA-2011:1165) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2983"], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-2982)\n\nA flaw was found in the way SeaMonkey handled malformed JavaScript. A web\npage containing malicious JavaScript could cause SeaMonkey to access\nalready freed memory, causing SeaMonkey to crash or, potentially, execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-2983)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2017-09-08T12:08:58", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1167", "href": "https://access.redhat.com/errata/RHSA-2011:1167", "type": "redhat", "title": "(RHSA-2011:1167) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T12:46:10", "description": "From Red Hat Security Advisory 2011:1164 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2011-1164.NASL", "href": "https://www.tenable.com/plugins/nessus/68326", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1164 and \n# Oracle Linux Security Advisory ELSA-2011-1164 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68326);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49166);\n script_xref(name:\"RHSA\", value:\"2011:1164\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1164 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002287.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.20-2.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.20-2.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.20-2.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.20-2.0.1.el5\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.20-2.0.1.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.20-2.0.1.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.20-2.0.1.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:46:54", "description": "Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.", "edition": 19, "published": "2011-08-23T00:00:00", "title": "Debian DSA-2297-1 : icedove - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-23T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-2297.NASL", "href": "https://www.tenable.com/plugins/nessus/55942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2297. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55942);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49213, 49214, 49216, 49218, 49219, 49223);\n script_xref(name:\"DSA\", value:\"2297\");\n\n script_name(english:\"Debian DSA-2297-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2297\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedove\", reference:\"3.0.11-1+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dbg\", reference:\"3.0.11-1+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dev\", reference:\"3.0.11-1+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:46:53", "description": "Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.", "edition": 18, "published": "2011-08-18T00:00:00", "title": "Debian DSA-2295-1 : iceape - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:iceape"], "id": "DEBIAN_DSA-2295.NASL", "href": "https://www.tenable.com/plugins/nessus/55888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2295. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55888);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_xref(name:\"DSA\", value:\"2295\");\n\n script_name(english:\"Debian DSA-2295-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceape\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2295\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceape\", reference:\"2.0.11-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-browser\", reference:\"2.0.11-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-chatzilla\", reference:\"2.0.11-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dbg\", reference:\"2.0.11-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dev\", reference:\"2.0.11-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-mailnews\", reference:\"2.0.11-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:14", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2011-08-17T00:00:00", "title": "CentOS 4 / 5 : firefox / xulrunner (CESA-2011:1164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1164.NASL", "href": "https://www.tenable.com/plugins/nessus/55862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1164 and \n# CentOS Errata and Security Advisory 2011:1164 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55862);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49166);\n script_xref(name:\"RHSA\", value:\"2011:1164\");\n\n script_name(english:\"CentOS 4 / 5 : firefox / xulrunner (CESA-2011:1164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?754dd6f2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4bfd372\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ae8bbee\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2262bb7f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018054.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d910751a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018055.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e3259d8\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000196.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4441c54\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000197.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06eb5d74\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40dd1101\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000223.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc087769\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.20-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.20-2.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.20-2.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.20-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.20-2.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:12:58", "description": "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory\nvulnerabilities in the browser rendering engine. An attacker could use\nthese to possibly execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could\npermit JavaScript to be run in the wrong context. This could\npotentially allow a malicious website to run code as another website\nor with escalated privileges within the browser. (CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a\ndangling pointer vulnerability. An attacker could potentially use this\nto crash Firefox or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if\nit registered for drop events and a browser tab element was dropped\ninto the content area. This could potentially allow a malicious\nwebsite to run code with escalated privileges within the browser.\n(CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer\nvulnerability. An attacker could potentially use this to crash Firefox\nor execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when\nRegExp.input was set. This could potentially allow a malicious website\naccess to private data from other domains. (CVE-2011-2983).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-08-20T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1184-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1184-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55921);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/16 10:34:22\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49166, 49213, 49214, 49216, 49218, 49219, 49223);\n script_xref(name:\"USN\", value:\"1184-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory\nvulnerabilities in the browser rendering engine. An attacker could use\nthese to possibly execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could\npermit JavaScript to be run in the wrong context. This could\npotentially allow a malicious website to run code as another website\nor with escalated privileges within the browser. (CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a\ndangling pointer vulnerability. An attacker could potentially use this\nto crash Firefox or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if\nit registered for drop events and a browser tab element was dropped\ninto the content area. This could potentially allow a malicious\nwebsite to run code with escalated privileges within the browser.\n(CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer\nvulnerability. An attacker could potentially use this to crash Firefox\nor execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when\nRegExp.input was set. This could potentially allow a malicious website\naccess to private data from other domains. (CVE-2011-2983).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1184-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner-1.9.2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.20+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.20+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.20+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.20+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner-1.9.2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:46:54", "description": "Several vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.", "edition": 19, "published": "2011-08-18T00:00:00", "title": "Debian DSA-2296-1 : iceweasel - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:iceweasel"], "id": "DEBIAN_DSA-2296.NASL", "href": "https://www.tenable.com/plugins/nessus/55889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2296. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55889);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49166);\n script_xref(name:\"DSA\", value:\"2296\");\n\n script_name(english:\"Debian DSA-2296-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.\n\n - CVE-2011-0084\n 'regenrecht' discovered that incorrect pointer handling\n in the SVG processing code could lead to the execution\n of arbitrary code.\n\n - CVE-2011-2378\n 'regenrecht' discovered that incorrect memory management\n in DOM processing could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2981\n 'moz_bug_r_a_4' discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\n - CVE-2011-2982\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered\n memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\n - CVE-2011-2983\n 'shutdown' discovered an information leak in the\n handling of RegExp.input.\n\n - CVE-2011-2984\n 'moz_bug_r_a4' discovered a Chrome privilege escalation\n vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2296\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-13 of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"iceweasel\", reference:\"1.9.0.19-13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel\", reference:\"3.5.16-9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel-dbg\", reference:\"3.5.16-9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:12:59", "description": "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory\nvulnerabilities in the Gecko rendering engine. An attacker could use\nthese to possibly execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could\npermit JavaScript to be run in the wrong context. This could\npotentially allow a malicious website to run code as another website\nor with escalated privileges in a chrome-privileged context.\n(CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a\ndangling pointer vulnerability. An attacker could potentially use this\nto crash Thunderbird or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if\nit registered for drop events and a browser tab element was dropped\ninto the content area. This could potentially allow a malicious\nwebsite to run code with escalated privileges within Thunderbird.\n(CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer\nvulnerability. An attacker could potentially use this to crash\nThunderbird or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when\nRegExp.input was set. This could potentially allow a malicious website\naccess to private data from other domains. (CVE-2011-2983).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-08-26T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1185-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1185-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1185-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55982);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49213, 49214, 49216, 49218, 49219, 49223);\n script_xref(name:\"USN\", value:\"1185-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1185-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory\nvulnerabilities in the Gecko rendering engine. An attacker could use\nthese to possibly execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2011-2982)\n\nIt was discovered that a vulnerability in event management code could\npermit JavaScript to be run in the wrong context. This could\npotentially allow a malicious website to run code as another website\nor with escalated privileges in a chrome-privileged context.\n(CVE-2011-2981)\n\nIt was discovered that an SVG text manipulation routine contained a\ndangling pointer vulnerability. An attacker could potentially use this\nto crash Thunderbird or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2011-0084)\n\nIt was discovered that web content could receive chrome privileges if\nit registered for drop events and a browser tab element was dropped\ninto the content area. This could potentially allow a malicious\nwebsite to run code with escalated privileges within Thunderbird.\n(CVE-2011-2984)\n\nIt was discovered that appendChild contained a dangling pointer\nvulnerability. An attacker could potentially use this to crash\nThunderbird or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2011-2378)\n\nIt was discovered that data from other domains could be read when\nRegExp.input was set. This could potentially allow a malicious website\naccess to private data from other domains. (CVE-2011-2983).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1185-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.12+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.12+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"3.1.12+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:56", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110816_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61112);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=2515\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14c2e454\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.20-2.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.6.20-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.20-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.20-2.el5\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.20-2.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.20-2.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.20-2.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:40", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 29, "published": "2011-08-17T00:00:00", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2011:1164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-1164.NASL", "href": "https://www.tenable.com/plugins/nessus/55879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1164. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55879);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_bugtraq_id(49166);\n script_xref(name:\"RHSA\", value:\"2011:1164\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2011:1164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector\nGraphics (SVG) text manipulation routine. A web page containing a\nmalicious SVG image could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox.\n(CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nweb page containing malicious JavaScript could cause Firefox to access\nalready freed memory, causing Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code\nwith the privileges of the user running Firefox if the user dropped a\ntab onto the malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.20. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.20, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2984\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1164\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1164\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.20-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.20-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.20-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.20-2.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-3.6.20-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-3.6.20-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.20-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.20-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.20-2.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:42:36", "description": "Mozilla Firefox was updated to version 3.6.20.\n\nIt fixes bugs and security issues. Following security issues were\nfixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30\n\n - Miscellaneous memory safety hazards Mozilla developers\n and community members identified and fixed several\n memory safety bugs in the browser engine used in Firefox\n 3.6 and other Mozilla-based products. Some of these bugs\n showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary reported\n memory safety issues which affected Firefox 3.6.\n (CVE-2011-2982)\n\n - Crash in SVGTextElement.getCharNumAtPosition() Security\n researcher regenrecht reported via TippingPoint's Zero\n Day Initiative that a SVG text manipulation routine\n contained a dangling pointer vulnerability.\n (CVE-2011-0084)\n\n - Privilege escalation using event handlers Mozilla\n security researcher moz_bug_r_a_4 reported a\n vulnerability in event management code that would permit\n JavaScript to be run in the wrong context, including\n that of a different website or potentially in a\n chrome-privileged context. (CVE-2011-2981)\n\n - Dangling pointer vulnerability in appendChild Security\n researcher regenrecht reported via TippingPoint's Zero\n Day Initiative that appendChild did not correctly\n account for DOM objects it operated upon and could be\n exploited to dereference an invalid pointer.\n (CVE-2011-2378)\n\n - Privilege escalation dropping a tab element in content\n area Mozilla security researcher moz_bug_r_a4 reported\n that web content could receive chrome privileges if it\n registered for drop events and a browser tab element was\n dropped into the content area. (CVE-2011-2984)\n\n - Binary planting vulnerability in ThinkPadSensor::Startup\n Security researcher Mitja Kolsek of Acros Security\n reported that ThinkPadSensor::Startup could potentially\n be exploited to load a malicious DLL into the running\n process. (CVE-2011-2980) (This issue is likely Windows\n only)\n\n - Private data leakage using RegExp.input Security\n researcher shutdown reported that data from other\n domains could be read when RegExp.input was set.\n (CVE-2011-2983)", "edition": 25, "published": "2011-08-30T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2980", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "modified": "2011-08-30T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7712.NASL", "href": "https://www.tenable.com/plugins/nessus/56005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56005);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2980\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 3.6.20.\n\nIt fixes bugs and security issues. Following security issues were\nfixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30\n\n - Miscellaneous memory safety hazards Mozilla developers\n and community members identified and fixed several\n memory safety bugs in the browser engine used in Firefox\n 3.6 and other Mozilla-based products. Some of these bugs\n showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary reported\n memory safety issues which affected Firefox 3.6.\n (CVE-2011-2982)\n\n - Crash in SVGTextElement.getCharNumAtPosition() Security\n researcher regenrecht reported via TippingPoint's Zero\n Day Initiative that a SVG text manipulation routine\n contained a dangling pointer vulnerability.\n (CVE-2011-0084)\n\n - Privilege escalation using event handlers Mozilla\n security researcher moz_bug_r_a_4 reported a\n vulnerability in event management code that would permit\n JavaScript to be run in the wrong context, including\n that of a different website or potentially in a\n chrome-privileged context. (CVE-2011-2981)\n\n - Dangling pointer vulnerability in appendChild Security\n researcher regenrecht reported via TippingPoint's Zero\n Day Initiative that appendChild did not correctly\n account for DOM objects it operated upon and could be\n exploited to dereference an invalid pointer.\n (CVE-2011-2378)\n\n - Privilege escalation dropping a tab element in content\n area Mozilla security researcher moz_bug_r_a4 reported\n that web content could receive chrome privileges if it\n registered for drop events and a browser tab element was\n dropped into the content area. (CVE-2011-2984)\n\n - Binary planting vulnerability in ThinkPadSensor::Startup\n Security researcher Mitja Kolsek of Acros Security\n reported that ThinkPadSensor::Startup could potentially\n be exploited to load a malicious DLL into the running\n process. (CVE-2011-2980) (This issue is likely Windows\n only)\n\n - Private data leakage using RegExp.input Security\n researcher shutdown reported that data from other\n domains could be read when RegExp.input was set.\n (CVE-2011-2983)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2378.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2980.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2982.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2983.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2984.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7712.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-772\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-3.6.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-translations-3.6.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-1.9.2.20-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-gnome-1.9.2.20-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-translations-1.9.2.20-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.20-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.20-1.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 2296-1.", "modified": "2019-03-18T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070231", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070231", "type": "openvas", "title": "Debian Security Advisory DSA 2296-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2296_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2296-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70231\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"Debian Security Advisory DSA 2296-1 (iceweasel)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202296-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.\n\nCVE-2011-0084\n\nregenrecht discovered that incorrect pointer handling in the SVG\nprocessing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\nregenrecht discovered that incorrect memory management in DOM\nprocessing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\nmoz_bug_r_a_4 discovered a Chrome privilege escalation\nvulnerability in the event handler code.\n\nCVE-2011-2982\n\nGary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\ncorruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\nshutdown discovered an information leak in the handling of\nRegExp.input.\n\nCVE-2011-2984\n\nmoz_bug_r_a4 discovered a Chrome privilege escalation vulnerability.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-13 of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-9.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0-1\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceweasel\nannounced via advisory DSA 2296-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"3.5.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"3.5.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d-dbg\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.16-9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:57:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Check for the Version of firefox", "modified": "2018-01-08T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881270", "href": "http://plugins.openvas.org/nasl.php?oid=881270", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:1164 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:1164 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n \n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n \n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n \n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n \n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n \n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017699.html\");\n script_id(881270);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\",\n \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1164\");\n script_name(\"CentOS Update for firefox CESA-2011:1164 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2295-1.", "modified": "2017-07-07T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:70230", "href": "http://plugins.openvas.org/nasl.php?oid=70230", "type": "openvas", "title": "Debian Security Advisory DSA 2295-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2295_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2295-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0084\n\nregenrecht discovered that incorrect pointer handling in the SVG\nprocessing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\nregenrecht discovered that incorrect memory management in DOM\nprocessing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\nmoz_bug_r_a_4 discovered a Chrome privilege escalation\nvulnerability in the event handler code.\n\nCVE-2011-2982\n\nGary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\ncorruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\nshutdown discovered an information leak in the handling of\nRegExp.input.\n\nCVE-2011-2984\n\nmoz_bug_r_a4 discovered a Chrome privilege escalation\nvulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-5.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 2295-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202295-1\";\n\n\nif(description)\n{\n script_id(70230);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"Debian Security Advisory DSA 2295-1 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310880979", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880979", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:1164 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:1164 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017821.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880979\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1164\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"CentOS Update for firefox CESA-2011:1164 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n\n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n\n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n\n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n\n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2295-1.", "modified": "2019-03-18T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070230", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070230", "type": "openvas", "title": "Debian Security Advisory DSA 2295-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2295_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2295-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70230\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"Debian Security Advisory DSA 2295-1 (iceape)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202295-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0084\n\nregenrecht discovered that incorrect pointer handling in the SVG\nprocessing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\nregenrecht discovered that incorrect memory management in DOM\nprocessing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\nmoz_bug_r_a_4 discovered a Chrome privilege escalation\nvulnerability in the event handler code.\n\nCVE-2011-2982\n\nGary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\ncorruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\nshutdown discovered an information leak in the handling of\nRegExp.input.\n\nCVE-2011-2984\n\nmoz_bug_r_a4 discovered a Chrome privilege escalation\nvulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-5.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceape packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceape\nannounced via advisory DSA 2295-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310881006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881006", "type": "openvas", "title": "CentOS Update for xulrunner CESA-2011:1164 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xulrunner CESA-2011:1164 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/018054.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881006\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1164\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"CentOS Update for xulrunner CESA-2011:1164 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"xulrunner on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n\n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n\n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n\n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n\n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.20~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.20~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881270", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:1164 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:1164 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017699.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881270\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\",\n \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1164\");\n script_name(\"CentOS Update for firefox CESA-2011:1164 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n\n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n\n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n\n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n\n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Oracle Linux Local Security Checks ELSA-2011-1164", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122108", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1164.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122108\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1164\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1164 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1164\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1164.html\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.20~2.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.20~2.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.0.1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.20~2.0.1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.20~2.0.1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2297-1.", "modified": "2019-03-18T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070232", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070232", "type": "openvas", "title": "Debian Security Advisory DSA 2297-1 (icedove)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2297_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2297-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70232\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"Debian Security Advisory DSA 2297-1 (icedove)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202297-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0084\n\nregenrecht discovered that incorrect pointer handling in the SVG\nprocessing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\nregenrecht discovered that incorrect memory management in DOM\nprocessing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\nmoz_bug_r_a_4 discovered a Chrome privilege escalation\nvulnerability in the event handler code.\n\nCVE-2011-2982\n\nGary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\ncorruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\nshutdown discovered an information leak in the handling of\nRegExp.input.\n\nCVE-2011-2984\n\nmoz_bug_r_a4 discovered a Chrome privilege escalation vulnerability.\n\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to icedove\nannounced via advisory DSA 2297-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"3.0.11-1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"3.0.11-1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"3.0.11-1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310870472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870472", "type": "openvas", "title": "RedHat Update for firefox RHSA-2011:1164-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2011:1164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870472\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1164-01\");\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\");\n script_name(\"RedHat Update for firefox RHSA-2011:1164-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2982)\n\n A dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n (SVG) text manipulation routine. A web page containing a malicious SVG\n image could cause Firefox to crash or, potentially, execute arbitrary code\n with the privileges of the user running Firefox. (CVE-2011-0084)\n\n A dangling pointer flaw was found in the way Firefox handled a certain\n Document Object Model (DOM) element. A web page containing malicious\n content could cause Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2378)\n\n A flaw was found in the event management code in Firefox. A website\n containing malicious JavaScript could cause Firefox to execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A web\n page containing malicious JavaScript could cause Firefox to access already\n freed memory, causing Firefox to crash or, potentially, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-2983)\n\n It was found that a malicious web page could execute arbitrary code with\n the privileges of the user running Firefox if the user dropped a tab onto\n the malicious web page. (CVE-2011-2984)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.20. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.20, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.20~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.20~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.20~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2980", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Mozilla Thunderbird was updated to 3.1.12 fixing various\n bugs and security issues:\n\n Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32)\n <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/2011/mfsa2011-32.ht\">http://www.mozilla.org/security/announce/2011/mfsa2011-32.ht</a>\n ml\n\n Many of the issues listed below are not exploitable through\n mail since JavaScript is disabled by default in\n Thunderbird. These particular issues may be triggered while\n viewing RSS feeds and displaying full remote content rather\n than the feed summary. Addons that expose browser\n functionality may also enable such issues to be exploited.\n\n * Miscellaneous memory safety hazards (rv:1.9.2.20)\n\n Mozilla developers and community members identified and\n fixed several memory safety bugs in the browser engine used\n in Thunderbird 3.1 and other Mozilla-based products. Some\n of these bugs showed evidence of memory corruption under\n certain circumstances, and we presume that with enough\n effort at least some of these could be exploited to run\n arbitrary code.\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary reported\n memory safety issues which affected Thunderbird 3.1.\n (CVE-2011-2982)\n\n * Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n * Privilege escalation using event handlers\n\n Mozilla security researcher moz_bug_r_a_4 reported a\n vulnerability in event management code that would permit\n JavaScript to be run in the wrong context, including that\n of a different website or potentially in a\n chrome-privileged context. (CVE-2011-2981)\n\n * Dangling pointer vulnerability in appendChild\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that appendChild did not\n correctly account for DOM objects it operated upon and\n could be exploited to dereference an invalid pointer.\n (CVE-2011-2378)\n\n * Privilege escalation dropping a tab element in content\n area\n\n Mozilla security researcher moz_bug_r_a4 reported that\n web content could receive chrome privileges if it\n registered for drop events and a browser tab element was\n dropped into the content area. (CVE-2011-2984)\n\n * Binary planting vulnerability in ThinkPadSensor::Startup\n\n Security researcher Mitja Kolsek of Acros Security\n reported that ThinkPadSensor::Startup could potentially be\n exploited to load a malicious DLL into the running process.\n (CVE-2011-2980)\n\n * Private data leakage using RegExp.input\n\n Security researcher shutdown reported that data from\n other domains could be read when RegExp.input was set.\n (CVE-2011-2983)\n\n", "edition": 1, "modified": "2011-08-29T20:08:38", "published": "2011-08-29T20:08:38", "id": "OPENSUSE-SU-2011:0935-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00024.html", "type": "suse", "title": "MozillaThunderbird: Update to 3.1.12 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2980", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Mozilla Firefox was updated to version 3.6.20.\n\n It fixes bugs and security issues. Following security\n issues were fixed: Mozilla Foundation Security Advisory\n 2011-30 - MFSA 2011-30\n &lt;<a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/2011/mfsa2011-30.h\">http://www.mozilla.org/security/announce/2011/mfsa2011-30.h</a>\n tml&gt;\n\n *\n\n Miscellaneous memory safety hazards\n\n Mozilla developers and community members identified\n and fixed several memory safety bugs in the browser engine\n used in Firefox 3.6 and other Mozilla-based products. Some\n of these bugs showed evidence of memory corruption under\n certain circumstances, and we presume that with enough\n effort at least some of these could be exploited to run\n arbitrary code.\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary reported\n memory safety issues which affected Firefox 3.6.\n (CVE-2011-2982)\n\n *\n\n Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n *\n\n Privilege escalation using event handlers\n\n Mozilla security researcher moz_bug_r_a_4 reported a\n vulnerability in event management code that would permit\n JavaScript to be run in the wrong context, including that\n of a different website or potentially in a\n chrome-privileged context. (CVE-2011-2981)\n\n *\n\n Dangling pointer vulnerability in appendChild\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that appendChild did not\n correctly account for DOM objects it operated upon and\n could be exploited to dereference an invalid pointer.\n (CVE-2011-2378)\n\n *\n\n Privilege escalation dropping a tab element in\n content area\n\n Mozilla security researcher moz_bug_r_a4 reported\n that web content could receive chrome privileges if it\n registered for drop events and a browser tab element was\n dropped into the content area. (CVE-2011-2984)\n\n *\n\n Binary planting vulnerability in\n ThinkPadSensor::Startup\n\n Security researcher Mitja Kolsek of Acros Security\n reported that ThinkPadSensor::Startup could potentially be\n exploited to load a malicious DLL into the running process.\n (CVE-2011-2980) (This issue is likely Windows only)\n\n *\n\n Private data leakage using RegExp.input\n\n Security researcher shutdown reported that data from\n other domains could be read when RegExp.input was set.\n (CVE-2011-2983)\n", "edition": 1, "modified": "2011-08-29T21:08:22", "published": "2011-08-29T21:08:22", "id": "SUSE-SU-2011:0967-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2982", "CVE-2011-2984", "CVE-2011-2980", "CVE-2011-2378", "CVE-2011-0084", "CVE-2011-2983", "CVE-2011-2981"], "description": "Mozilla Firefox was updated to version 3.6.20.\n\n It fixes bugs and security issues. Following security\n issues were fixed:\n <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/2011/mfsa2011-30.ht\">http://www.mozilla.org/security/announce/2011/mfsa2011-30.ht</a>\n ml Mozilla Foundation Security Advisory 2011-30 (MFSA\n 2011-30)\n\n * Miscellaneous memory safety hazards\n\n Mozilla developers and community members identified and\n fixed several memory safety bugs in the browser engine used\n in Firefox 3.6 and other Mozilla-based products. Some of\n these bugs showed evidence of memory corruption under\n certain circumstances, and we presume that with enough\n effort at least some of these could be exploited to run\n arbitrary code.\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary reported\n memory safety issues which affected Firefox 3.6.\n (CVE-2011-2982)\n\n * Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n * Privilege escalation using event handlers\n\n Mozilla security researcher moz_bug_r_a_4 reported a\n vulnerability in event management code that would permit\n JavaScript to be run in the wrong context, including that\n of a different website or potentially in a\n chrome-privileged context. (CVE-2011-2981)\n\n * Dangling pointer vulnerability in appendChild\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that appendChild did\n not correctly account for DOM objects it operated upon and\n could be exploited to dereference an invalid pointer.\n (CVE-2011-2378)\n\n * Privilege escalation dropping a tab element in content\n area\n\n Mozilla security researcher moz_bug_r_a4 reported that\n web content could receive chrome privileges if it\n registered for drop events and a browser tab element was\n dropped into the content area. (CVE-2011-2984)\n\n * Binary planting vulnerability in ThinkPadSensor::Startup\n\n Security researcher Mitja Kolsek of Acros Security\n reported that ThinkPadSensor::Startup could potentially be\n exploited to load a malicious DLL into the running process.\n (CVE-2011-2980) (This issue is likely Windows only)\n\n * Private data leakage using RegExp.input\n\n Security researcher shutdown reported that data from\n other domains could be read when RegExp.input was set.\n (CVE-2011-2983)\n\n", "edition": 1, "modified": "2011-08-26T20:08:19", "published": "2011-08-26T20:08:19", "id": "OPENSUSE-SU-2011:0958-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00021.html", "type": "suse", "title": "MozillaFirefox: Update to Firefox 3.6.20 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T05:51:05", "description": "Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-2984", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2984"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1"], "id": "CVE-2011-2984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2984", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:03", "description": "The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a \"dangling pointer.\"", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-2378", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2378"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1"], "id": "CVE-2011-2378", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2378", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-2982", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2982"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2011-2982", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2982", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-2981", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2981"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1"], "id": "CVE-2011-2981", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2981", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:50:57", "description": "The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\"", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-0084", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0084"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1"], "id": "CVE-2011-0084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0084", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.", "edition": 6, "cvss3": {}, "published": "2011-08-18T18:55:00", "title": "CVE-2011-2983", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2983"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2011-2983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}]}