{"id": "OPENVAS:880022", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 i386", "description": "Check for the Version of seamonkey", "published": "2009-02-27T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880022", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-February/014668.html", "2008:0104"], "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "lastseen": "2017-07-25T10:56:04", "viewCount": 0, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2017-07-25T10:56:04", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2008-1435.NASL", "SL_20080207_THUNDERBIRD_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2008-0103.NASL", "REDHAT-RHSA-2008-0103.NASL", "FEDORA_2008-1669.NASL", "FEDORA_2008-1459.NASL", "SL_20080207_SEAMONKEY_ON_SL3_X.NASL", "SUSE_SEAMONKEY-5012.NASL", "DEBIAN_DSA-1506.NASL", "SL_20080207_FIREFOX_ON_SL4_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:880136", "OPENVAS:880157", "OPENVAS:1361412562310880157", "OPENVAS:1361412562310870039", "OPENVAS:1361412562310880131", "OPENVAS:880191", "OPENVAS:870023", "OPENVAS:1361412562310880054", "OPENVAS:880131", "OPENVAS:880036"]}, {"type": "fedora", "idList": ["FEDORA:M1D559RO005480", "FEDORA:M1D559RQ005480", "FEDORA:M1DFACWB003439", "FEDORA:M1D559HS005482", "FEDORA:M1D4QHXF004158", "FEDORA:M1D4PIXN003989", "FEDORA:M1D559HU005482", "FEDORA:M1D559HT005482", "FEDORA:M1D4PHXP003988", "FEDORA:M1D559RP005480"]}, {"type": "redhat", "idList": ["RHSA-2008:0104", "RHSA-2008:0103"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1506-2:54D82", "DEBIAN:DSA-1506-1:BBA3D"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0104", "ELSA-2008-0103"]}, {"type": "suse", "idList": ["SUSE-SA:2008:008"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8648"]}, {"type": "cve", "idList": ["CVE-2008-0104"]}], "modified": "2017-07-25T10:56:04", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "880022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014668.html\");\n script_id(880022);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks"}

{"nessus": [{"lastseen": "2021-01-17T13:43:50", "description": "Several flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080207_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60356);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=563\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e2e0135\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.9.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-1.0.9-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-devel-1.0.9-9.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:43:50", "description": "Several flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080207_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60355);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f55ac814\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-1.5.0.12-0.10.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-1.5.0.12-9.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-devel-1.5.0.12-9.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:43:50", "description": "Several flaws were found in the way Thunderbird processed certain\nmalformed HTML mail content. A HTML mail message containing malicious\ncontent could cause Thunderbird to crash, or potentially execute\narbitrary code as the user running Thunderbird. (CVE-2008-0412,\nCVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way Thunderbird displayed malformed\nHTML mail content. A HTML mail message containing specially crafted\ncontent could trick a user into surrendering sensitive information.\n(CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Thunderbird handles certain chrome URLs.\nIf a user has certain extensions installed, it could allow a malicious\nHTML mail message to steal sensitive session data. Note: this flaw\ndoes not affect a default installation of Thunderbird. (CVE-2008-0418)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the way Thunderbird saves certain text files. If a\nremote site offers a file of type 'plain/text', rather than\n'text/plain', Thunderbird will not show future 'text/plain' content to\nthe user, forcing them to save those files locally to view the\ncontent. (CVE-2008-0592)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080207_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60357);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the way Thunderbird processed certain\nmalformed HTML mail content. A HTML mail message containing malicious\ncontent could cause Thunderbird to crash, or potentially execute\narbitrary code as the user running Thunderbird. (CVE-2008-0412,\nCVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way Thunderbird displayed malformed\nHTML mail content. A HTML mail message containing specially crafted\ncontent could trick a user into surrendering sensitive information.\n(CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Thunderbird handles certain chrome URLs.\nIf a user has certain extensions installed, it could allow a malicious\nHTML mail message to steal sensitive session data. Note: this flaw\ndoes not affect a default installation of Thunderbird. (CVE-2008-0418)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the way Thunderbird saves certain text files. If a\nremote site offers a file of type 'plain/text', rather than\n'text/plain', Thunderbird will not show future 'text/plain' content to\nthe user, forcing them to save those files locally to view the\ncontent. (CVE-2008-0592)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=313\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc1d9eb0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-8.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-1.5.0.12-8.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:24", "description": " - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> -\n 1.1.8-1\n\n - SeaMonkey 1.1.8\n\n - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> -\n 1.1.7-1\n\n - SeaMonkey 1.1.7\n\n - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> -\n 1.1.6-1\n\n - SeaMonkey 1.1.6\n\n - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> -\n 1.1.5-2\n\n - SeaMonkey 1.1.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-02-14T00:00:00", "title": "Fedora 8 : seamonkey-1.1.8-1.fc8 (2008-1459)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-1459.NASL", "href": "https://www.tenable.com/plugins/nessus/31061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1459.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31061);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_xref(name:\"FEDORA\", value:\"2008-1459\");\n\n script_name(english:\"Fedora 8 : seamonkey-1.1.8-1.fc8 (2008-1459)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> -\n 1.1.8-1\n\n - SeaMonkey 1.1.8\n\n - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> -\n 1.1.7-1\n\n - SeaMonkey 1.1.7\n\n - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> -\n 1.1.6-1\n\n - SeaMonkey 1.1.6\n\n - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> -\n 1.1.5-2\n\n - SeaMonkey 1.1.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432040\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007690.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822faf54\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"seamonkey-1.1.8-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:25", "description": " - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> -\n 1.1.8-1\n\n - SeaMonkey 1.1.8\n\n - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> -\n 1.1.7-1\n\n - SeaMonkey 1.1.7\n\n - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> -\n 1.1.6-1\n\n - SeaMonkey 1.1.6\n\n - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> -\n 1.1.5-1\n\n - SeaMonkey 1.1.5\n\n - Fri Jul 27 2007 Martin Stransky <stransky at\n redhat.com> - 1.1.3-2\n\n - added pango patches\n\n - Fri Jul 20 2007 Kai Engert <kengert at redhat.com> -\n 1.1.3-1\n\n - SeaMonkey 1.1.3\n\n - Thu May 31 2007 Kai Engert <kengert at redhat.com>\n 1.1.2-1\n\n - SeaMonkey 1.1.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-02-14T00:00:00", "title": "Fedora 7 : seamonkey-1.1.8-1.fc7 (2008-1669)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-1669.NASL", "href": "https://www.tenable.com/plugins/nessus/31080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1669.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31080);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_xref(name:\"FEDORA\", value:\"2008-1669\");\n\n script_name(english:\"Fedora 7 : seamonkey-1.1.8-1.fc7 (2008-1669)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> -\n 1.1.8-1\n\n - SeaMonkey 1.1.8\n\n - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> -\n 1.1.7-1\n\n - SeaMonkey 1.1.7\n\n - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> -\n 1.1.6-1\n\n - SeaMonkey 1.1.6\n\n - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> -\n 1.1.5-1\n\n - SeaMonkey 1.1.5\n\n - Fri Jul 27 2007 Martin Stransky <stransky at\n redhat.com> - 1.1.3-2\n\n - added pango patches\n\n - Fri Jul 20 2007 Kai Engert <kengert at redhat.com> -\n 1.1.3-1\n\n - SeaMonkey 1.1.3\n\n - Thu May 31 2007 Kai Engert <kengert at redhat.com>\n 1.1.2-1\n\n - SeaMonkey 1.1.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432040\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83497686\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"seamonkey-1.1.8-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:47:06", "description": "This update backports changes to Mozilla SeaMonkey to the level of the\nsecurity update version 1.8.1.12\n\nFollowing security problems were fixed :\n\n - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with\n div overlay\n\n - MFSA 2008-10/CVE-2008-0593 URL token stealing via\n stylesheet redirect\n\n - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved\n plain text files\n\n - MFSA 2008-08/CVE-2008-0591 File action dialog tampering\n\n - MFSA 2008-06/CVE-2008-0419 Web browsing history and\n forward navigation stealing\n\n - MFSA 2008-05/CVE-2008-0418 Directory traversal via\n chrome: URI\n\n - MFSA 2008-04/CVE-2008-0417 Stored password corruption\n\n - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,\n Remote Code Execution\n\n - MFSA 2008-02/CVE-2008-0414 Multiple file input focus\n stealing vulnerabilities\n\n - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with\n evidence of memory corruption (rv:1.8.1.12)", "edition": 25, "published": "2008-02-18T00:00:00", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-calendar", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_SEAMONKEY-5011.NASL", "href": "https://www.tenable.com/plugins/nessus/31113", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5011.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31113);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5011)\");\n script_summary(english:\"Check for the seamonkey-5011 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports changes to Mozilla SeaMonkey to the level of the\nsecurity update version 1.8.1.12\n\nFollowing security problems were fixed :\n\n - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with\n div overlay\n\n - MFSA 2008-10/CVE-2008-0593 URL token stealing via\n stylesheet redirect\n\n - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved\n plain text files\n\n - MFSA 2008-08/CVE-2008-0591 File action dialog tampering\n\n - MFSA 2008-06/CVE-2008-0419 Web browsing history and\n forward navigation stealing\n\n - MFSA 2008-05/CVE-2008-0418 Directory traversal via\n chrome: URI\n\n - MFSA 2008-04/CVE-2008-0417 Stored password corruption\n\n - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,\n Remote Code Execution\n\n - MFSA 2008-02/CVE-2008-0414 Multiple file input focus\n stealing vulnerabilities\n\n - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with\n evidence of memory corruption (rv:1.8.1.12)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-calendar-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-dom-inspector-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-irc-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-mail-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-spellchecker-1.0.9-1.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-venkman-1.0.9-1.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:59", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 28, "published": "2008-02-11T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2008:0103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:firefox-devel", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:5.1", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/30245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0103. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30245);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0103\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2008:0103)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0103\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.10.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-1.5.0.12-9.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-devel-1.5.0.12-9.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:06", "description": "From Red Hat Security Advisory 2008:0103 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:firefox-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/67647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0103 and \n# Oracle Linux Security Advisory ELSA-2008-0103 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67647);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0103\");\n\n script_name(english:\"Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0103 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000509.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"firefox-1.5.0.12-0.10.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"firefox-1.5.0.12-0.10.el4.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-1.5.0.12-9.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-devel-1.5.0.12-9.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:47:06", "description": "This update brings Mozilla SeaMonkey to security update version\n1.8.1.12\n\nFollowing security problems were fixed :\n\n - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with\n div overlay\n\n - MFSA 2008-10/CVE-2008-0593 URL token stealing via\n stylesheet redirect\n\n - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved\n plain text files\n\n - MFSA 2008-08/CVE-2008-0591 File action dialog tampering\n\n - MFSA 2008-06/CVE-2008-0419 Web browsing history and\n forward navigation stealing\n\n - MFSA 2008-05/CVE-2008-0418 Directory traversal via\n chrome: URI\n\n - MFSA 2008-04/CVE-2008-0417 Stored password corruption\n\n - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,\n Remote Code Execution\n\n - MFSA 2008-02/CVE-2008-0414 Multiple file input focus\n stealing vulnerabilities\n\n - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with\n evidence of memory corruption (rv:1.8.1.12)", "edition": 24, "published": "2008-02-18T00:00:00", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5012)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-18T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_SEAMONKEY-5012.NASL", "href": "https://www.tenable.com/plugins/nessus/31114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5012.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31114);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5012)\");\n script_summary(english:\"Check for the seamonkey-5012 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to security update version\n1.8.1.12\n\nFollowing security problems were fixed :\n\n - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with\n div overlay\n\n - MFSA 2008-10/CVE-2008-0593 URL token stealing via\n stylesheet redirect\n\n - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved\n plain text files\n\n - MFSA 2008-08/CVE-2008-0591 File action dialog tampering\n\n - MFSA 2008-06/CVE-2008-0419 Web browsing history and\n forward navigation stealing\n\n - MFSA 2008-05/CVE-2008-0418 Directory traversal via\n chrome: URI\n\n - MFSA 2008-04/CVE-2008-0417 Stored password corruption\n\n - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,\n Remote Code Execution\n\n - MFSA 2008-02/CVE-2008-0414 Multiple file input focus\n stealing vulnerabilities\n\n - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with\n evidence of memory corruption (rv:1.8.1.12)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-dom-inspector-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-irc-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-mail-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-spellchecker-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-venkman-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-dom-inspector-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-irc-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-mail-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-spellchecker-1.1.8-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-venkman-1.1.8-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:24", "description": "Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the way Firefox processed certain malformed web content. A\nweb page containing malicious content could cause Firefox to crash, or\npotentially execute arbitrary code as the user running Firefox.\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several\nflaws were found in the way Firefox displayed malformed web content. A\nweb page containing specially crafted content could trick a user into\nsurrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A\nflaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417) A flaw was found in the\nway Firefox handles certain chrome URLs. If a user has certain\nextensions installed, it could allow a malicious website to steal\nsensitive session data. Note: this flaw does not affect a default\ninstallation of Firefox. (CVE-2008-0418) A flaw was found in the way\nFirefox saves certain text files. If a website offers a file of type\n'plain/text', rather than 'text/plain', Firefox will not show future\n'text/plain' content to the user in the browser, forcing them to save\nthose files locally to view the content. (CVE-2008-0592) Users of\nfirefox are advised to upgrade to these updated packages, which\ncontain updated packages to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-02-14T00:00:00", "title": "Fedora 7 : Miro-1.1-3.fc7 / chmsee-1.0.0-1.28.fc7 / devhelp-0.13-13.fc7 / epiphany-2.18.3-6.fc7 / etc (2008-1435)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:openvrml", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:chmsee", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:liferea", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2008-1435.NASL", "href": "https://www.tenable.com/plugins/nessus/31060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1435.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31060);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_xref(name:\"FEDORA\", value:\"2008-1435\");\n\n script_name(english:\"Fedora 7 : Miro-1.1-3.fc7 / chmsee-1.0.0-1.28.fc7 / devhelp-0.13-13.fc7 / epiphany-2.18.3-6.fc7 / etc (2008-1435)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the way Firefox processed certain malformed web content. A\nweb page containing malicious content could cause Firefox to crash, or\npotentially execute arbitrary code as the user running Firefox.\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several\nflaws were found in the way Firefox displayed malformed web content. A\nweb page containing specially crafted content could trick a user into\nsurrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A\nflaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417) A flaw was found in the\nway Firefox handles certain chrome URLs. If a user has certain\nextensions installed, it could allow a malicious website to steal\nsensitive session data. Note: this flaw does not affect a default\ninstallation of Firefox. (CVE-2008-0418) A flaw was found in the way\nFirefox saves certain text files. If a website offers a file of type\n'plain/text', rather than 'text/plain', Firefox will not show future\n'text/plain' content to the user in the browser, forcing them to save\nthose files locally to view the content. (CVE-2008-0592) Users of\nfirefox are advised to upgrade to these updated packages, which\ncontain updated packages to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432040\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63627475\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007654.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4225307a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007655.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f2dbb08\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007656.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ded22244\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007657.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7f870dd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007658.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a24c3429\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bc6d673\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007660.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6e3b3b7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007661.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9ddf257\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007662.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?382378d6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007663.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d0cc5c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007664.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8fa9b38c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007665.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d5c6865\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007666.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6df462e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liferea\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvrml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"Miro-1.1-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"chmsee-1.0.0-1.28.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"devhelp-0.13-13.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-2.18.3-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-extensions-2.18.3-7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"firefox-2.0.0.12-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"galeon-2.0.3-15.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gnome-python2-extras-2.14.3-8.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-15.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"kazehakase-0.5.2-1.fc7.2\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"liferea-1.4.9-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"openvrml-0.16.7-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"ruby-gnome2-0.16.0-21.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"yelp-2.18.1-9.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / chmsee / devhelp / epiphany / epiphany-extensions / firefox / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-09T11:41:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880191", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n Firefox will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014664.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880191\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880161", "href": "http://plugins.openvas.org/nasl.php?oid=880161", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n Firefox will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014663.html\");\n script_id(880161);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880131", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n SeaMonkey will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014682.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880131\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880017", "href": "http://plugins.openvas.org/nasl.php?oid=880017", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n SeaMonkey will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014667.html\");\n script_id(880017);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880022", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n SeaMonkey will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880022\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880157", "href": "http://plugins.openvas.org/nasl.php?oid=880157", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n Firefox will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014669.html\");\n script_id(880157);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880164", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n Firefox will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014678.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880164\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880036", "href": "http://plugins.openvas.org/nasl.php?oid=880036", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n SeaMonkey will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014661.html\");\n script_id(880036);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880157", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n Firefox will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014669.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880157\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880131", "href": "http://plugins.openvas.org/nasl.php?oid=880131", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type &quot;plain/text&quot;, rather than &quot;text/plain&quot;,\n SeaMonkey will not show future &quot;text/plain&quot; content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014682.html\");\n script_id(880131);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2008-02-13T15:10:50", "published": "2008-02-13T15:10:50", "id": "FEDORA:M1DFACWB003439", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: seamonkey-1.1.8-1.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2008-02-13T04:53:43", "published": "2008-02-13T04:53:43", "id": "FEDORA:M1D4QHXF004158", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: seamonkey-1.1.8-1.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "modified": "2008-02-13T04:51:06", "published": "2008-02-13T04:51:06", "id": "FEDORA:M1D4PHXN003988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "modified": "2008-02-13T05:04:58", "published": "2008-02-13T05:04:58", "id": "FEDORA:M1D559RQ005480", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-python2-extras-2.19.1-12.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2008-02-13T05:04:58", "published": "2008-02-13T05:04:58", "id": "FEDORA:M1D559HV005482", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-8.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "modified": "2008-02-13T04:51:06", "published": "2008-02-13T04:51:06", "id": "FEDORA:M1D4PHXT003988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: Miro-1.1-3.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2008-02-13T04:51:06", "published": "2008-02-13T04:51:06", "id": "FEDORA:M1D4PHXO003988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: firefox-2.0.0.12-1.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "An API document browser for GNOME 2. ", "modified": "2008-02-13T05:04:58", "published": "2008-02-13T05:04:58", "id": "FEDORA:M1D559RN005480", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: devhelp-0.16.1-5.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. ", "modified": "2008-02-13T04:51:06", "published": "2008-02-13T04:51:06", "id": "FEDORA:M1D4PHXP003988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: gtkmozembedmm-1.4.2.cvs20060817-15.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "description": "epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "modified": "2008-02-13T05:04:58", "published": "2008-02-13T05:04:58", "id": "FEDORA:M1D559RO005480", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-2.20.2-3.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:32:12", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed web\r\ncontent. A webpage containing malicious content could cause Firefox to\r\ncrash, or potentially execute arbitrary code as the user running Firefox.\r\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way Firefox displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way Firefox stored password data. If a user saves\r\nlogin information for a malicious website, it could be possible to corrupt\r\nthe password database, preventing the user from properly accessing saved\r\npassword data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way Firefox handles certain chrome URLs. If a user\r\nhas certain extensions installed, it could allow a malicious website to\r\nsteal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of Firefox. (CVE-2008-0418)\r\n\r\nA flaw was found in the way Firefox saves certain text files. If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nFirefox will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592) \r\n\r\nUsers of firefox are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:53:52", "published": "2008-02-07T05:00:00", "id": "RHSA-2008:0103", "href": "https://access.redhat.com/errata/RHSA-2008:0103", "type": "redhat", "title": "(RHSA-2008:0103) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "description": "Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoffing.", "edition": 1, "modified": "2008-02-11T00:00:00", "published": "2008-02-11T00:00:00", "id": "SECURITYVULNS:VULN:8648", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8648", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "description": " [1.5.0.12-9.0.1]\n - Added Oracle specific links into default bookmarks\n \n [1.5.0.12-9]\n - Update to latest snapshot of Mozilla 1.8.0 branch\n - Added a patch with backported fixes from 1.8.1.12 ", "edition": 4, "modified": "2008-02-08T00:00:00", "published": "2008-02-08T00:00:00", "id": "ELSA-2008-0103", "href": "http://linux.oracle.com/errata/ELSA-2008-0103.html", "title": "Critical: firefox security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:16:12", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "description": "The web browser Mozilla Firefox has been brought to security update version 2.0.0.12.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-02-15T17:07:07", "published": "2008-02-15T17:07:07", "id": "SUSE-SA:2008:008", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html", "title": "remote code execution in MozillaFirefox,seamonkey", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2020-07-17T03:28:33", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0103\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed web\r\ncontent. A webpage containing malicious content could cause Firefox to\r\ncrash, or potentially execute arbitrary code as the user running Firefox.\r\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way Firefox displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way Firefox stored password data. If a user saves\r\nlogin information for a malicious website, it could be possible to corrupt\r\nthe password database, preventing the user from properly accessing saved\r\npassword data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way Firefox handles certain chrome URLs. If a user\r\nhas certain extensions installed, it could allow a malicious website to\r\nsteal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of Firefox. (CVE-2008-0418)\r\n\r\nA flaw was found in the way Firefox saves certain text files. If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nFirefox will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592) \r\n\r\nUsers of firefox are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026701.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026702.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026707.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026708.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026713.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026715.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026716.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/026719.html\n\n**Affected packages:**\nfirefox\nfirefox-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0103.html", "edition": 7, "modified": "2008-02-10T16:37:51", "published": "2008-02-08T19:18:05", "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/026701.html", "id": "CESA-2008:0103", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:11:48", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1506-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 24, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415\n CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591\n CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, &quot;moz_bug_r_a4&quot;, &quot;shutdown&quot;,\n Philip Taylor and &quot;tgirmann&quot; discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\n &quot;hong&quot; and Gregory Fleisher discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n\nCVE-2008-0415\n\n &quot;moz_bug_r_a4&quot; and Boris Zbarsky discovered discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0417\n\n Justin Dolske discovered that the password storage machanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and &quot;moz_bug_r_a4&quot; discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\n It was discovered that malformed content declarations of saved\n attachments could prevent a user in the opening local files\n with a &quot;.txt&quot; file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\n Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n\nCVE-2008-0594\n\n Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with &lt;div&gt; elements.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch1.\n\nThe Mozilla releases from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceape packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz\n Size/MD5 checksum: 43535826 39071cd311888d73254336b782109776\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.dsc\n Size/MD5 checksum: 1439 eaee68845cb7d4660609f6c47ac01666\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.diff.gz\n Size/MD5 checksum: 269895 fb6e3c3d3bc4a94773c1b4921fdb42d6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27208 91bbb99fad75c41e2df1170749014288\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27210 0233d457074aa58542b8662c2a54c48a\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27244 51f7e38462c1f39e0c662e4b58eca43a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 281870 1e8faf69c0bbf186f1a6c1d199646ce6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 3927248 df30ff32e825d5ceb1630025a7d0ef88\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27248 2b1e9711c1e80b9651b88e3dc19d4b76\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 28614 20c852fc8104981654bd6227a0602375\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27232 97c0a7e4b71cc083c711086dd160322a\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27348 ad7233b5d98e1557cdc190d9cf6746df\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27236 8ae02d5d250866771250e19e5bb967bb\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 27220 6035bbc507f4fc30a0564aa18c5a3a98\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb\n Size/MD5 checksum: 28186 4997ba36f2c9aacf25eb9c41bf104d6f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 197832 c2be45e20e6834b19969e125925622a1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 60612536 5fbbf1f26498f361c0aadc0535bdee92\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 53952 ef80eea66f161134bc52d0cdbf985f51\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 626136 542e77b2a6ad52a40d29ecafa76c15a7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 2282858 e915238d369b469d5911e10d92be0e99\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_alpha.deb\n Size/MD5 checksum: 12884578 9b5912dc643b38e5d3120d34d8685f16\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 59608524 146775d1bd21250e027006f9dbf90d6f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 613832 6cb81b62325770fd1e2590908d0afda7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 195048 2ccb3800e4edcd8510d707a9ac4a5d7e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 11687282 2fc3db14be5dd03b082497ab6f9ffc36\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 53366 8789d8dd06e30ce580ab37e94ec1d44b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb\n Size/MD5 checksum: 2099654 99aef23fe234563ce99f3d8ce89b02d2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 1916734 bdda1babe619d6f11429f1fb813fc347\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 10421094 4cf350729bfeff5f0a6edba041e72be7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 58769074 99504f3ad7121ed31583e3c77c3086e2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 586096 4c1e372a14bcbe1ec4b3046be24ced89\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 186930 33820091037a0e30e4271e8c8c462ff9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_arm.deb\n Size/MD5 checksum: 47526 5244fa8a247df56a3f14c364107dc5b8\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 60480238 50ee40317fd63bd0c7d04022e21f8f76\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 2340460 70af4c1cfbd089e6a2ad548d1553093b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 12958476 f2acc587b4c985c6ea939ed1bba53de9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 615240 7e3158df6d488c6b0bfe7827cfce37ed\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 54444 c7ddb1f77645cd60689dbb7a5c4b2768\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_hppa.deb\n Size/MD5 checksum: 198108 967170dcf4a4a1d6687d2d0b55edaec8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 1891212 ba923a32b2a34a9299cb4d5a8bad2d77\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 10469782 994f4b0fd8e4bd9af76fe013c7123bdc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 588886 5856c66a12bf5a984668743b8b366cee\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 189766 ee9064d51a33a035b7a46de44d80249d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 58697388 299a8786d15d0abb99d7fc6fe4b87b7f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_i386.deb\n Size/MD5 checksum: 48438 de1f808e760ee3ca502efb8276875fbf\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 661876 a673cbf8efb0be476d2cd23dc514704a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 61898 cccd1556f5ee674a2c2f6ddf71522b39\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 59883340 f6ee758cb0b235682f20e2e22edd870a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 2817080 c0adbe387222eedf4d5cf7eff91a4657\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 204694 8aa8c681d136482bd2cda6563eacbfb9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_ia64.deb\n Size/MD5 checksum: 15783590 960303c76c2be69aad2e4b7bfe4f542e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 61481346 66bc2a72517409d5334bc0ba40be51fd\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 599404 ff50ca675b598da75eb7f3ab08d34ee6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 11154048 bd1cb7c5bc7136fd644eb9c87e7181b7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 1959202 7eb50924f7400d84008edffd0e9d6413\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 49884 80c1be2a4afb6ce7bf9fc785901704dd\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mips.deb\n Size/MD5 checksum: 190950 006169fb68cb210f51fe52090be5050e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 49768 42593decc9887241317c87567f8223b1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 191194 78f3b008208527bf214ed516e85b13f3\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 59840612 0118b96a4f8d82286b8d5ccc946b6c0d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 10905670 9874cc963f87d284d927d467eafc8c2f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 595920 3024870501878bf13254165af3ac9686\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mipsel.deb\n Size/MD5 checksum: 1942002 130b8ab791ae8591e22d9635362bf202\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 49232 e526eb3de3861503a826593f582f2932\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 596206 da0aa1d500d126ef390da42e3b3bc973\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 192018 6278d2517e0d32b3e5c42aa2f0010aef\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 61613310 b6b25ed7a498f98c3908efb7bd185e0a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 2006468 3253d618628235a609417783309079aa\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_powerpc.deb\n Size/MD5 checksum: 11304736 186491b14177328e4cdcc2c0599bee48\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 53962 937cb4b85e25812c189fde886a9ae8b8\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 196854 e838b4c9820b202ba25da00adca529e8\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 12282708 04c09a3bbbe96035301ffa3fa427d2e2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 60369160 80e463d3e1abe4c6f2e44084c0af1cc6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 611658 d51e50f35fa7f644e68719bd3c3e1cde\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_s390.deb\n Size/MD5 checksum: 2185818 4b702edba4ac2c7e85a22f499250fd40\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 1895872 2eb1f20b00c11d4f4330016aaa827d55\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 10652974 8ea3ab5df7323a302c0b9441222fb407\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 58513948 a455a4a30f354129f5ab3441fcb422af\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 585296 a57295461949681a7628c2c0aa603ccb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 48038 5cba2cf78058d6dd4609cb895961298d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 189644 bdc3c7725fed05757a888de08a4fa959\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2008-02-24T12:30:57", "published": "2008-02-24T12:30:57", "id": "DEBIAN:DSA-1506-1:BBA3D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00070.html", "title": "[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1506-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 20, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415\n CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591\n CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nA regression has been fixed in iceape&#x27;s frame handling code. For\nreference you can find the original update below:\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, &quot;moz_bug_r_a4&quot;, &quot;shutdown&quot;,\n Philip Taylor and &quot;tgirmann&quot; discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\n &quot;hong&quot; and Gregory Fleisher discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n\nCVE-2008-0415\n\n &quot;moz_bug_r_a4&quot; and Boris Zbarsky discovered discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0417\n\n Justin Dolske discovered that the password storage machanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and &quot;moz_bug_r_a4&quot; discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\n It was discovered that malformed content declarations of saved\n attachments could prevent a user in the opening local files\n with a &quot;.txt&quot; file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\n Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n\nCVE-2008-0594\n\n Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with &lt;div&gt; elements.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch2.\n\nThe Mozilla releases from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceape packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2.diff.gz\n Size/MD5 checksum: 270995 2a621606e7f50a736f0d071ade4fd52f\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz\n Size/MD5 checksum: 43535826 39071cd311888d73254336b782109776\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2.dsc\n Size/MD5 checksum: 1439 9763d1c74ce4301f14acbefbd9f5f49b\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 3927430 ecd67a579a7de22c58812f101a3f8798\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27352 cebcf83eac35b663e96d742a8ce0e22d\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27380 f7e68700518fe223b0a7847250065c8a\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27392 852ff0430f7dda87f29ebf6115142c00\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 28318 c365320890c3a5ed1d9b8229092b3261\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27482 48d6bd50aabed44772e41da31e2659e7\n http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27344 27da10e92c699333d85a40f9b8b82677\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27370 d4385a93519282c9c23df59a2d96961f\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27350 4ad38b881319986efeb536575e113294\n http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 282046 df765c828f73a254837fe2ac4a26990c\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 27364 6e76df8b5fc4f1a26da126f67b991c32\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2_all.deb\n Size/MD5 checksum: 28756 f008166db261ee31e99c280268c0c97f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 626242 119f2bb9ea10019aaf93a6da91af9f6f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 60612096 57fec5b1481c06363aab65970f501e39\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 2282966 722ade6b1062b8f1282a7bad0be58f5c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 54116 25799cb038e973b0adef00131aa1dd6d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 12885116 fd8028f357f5c12623854ca10df81f43\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_alpha.deb\n Size/MD5 checksum: 197954 5fd16ec58f64705c38b4cf8a908d11e5\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 195202 08c6a3b849b7181400bf3638079f3442\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 59609120 56bffd191157a8f8e4b0bbd3d143d571\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 11687018 8a1f2af506bfeaad0b10fe66dd7dfd33\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 613980 5f0bf1273ca35408b524463a20235592\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 2099746 544fda8f60b6914b81be215008b87da7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_amd64.deb\n Size/MD5 checksum: 53516 5f9e6648023ee92e9a4de1c4b75be2e2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 186994 2e6fe57a3b3651304afd19e7824d3f5c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 10421172 40ff90ee1fbaa2fc4d1fbab6072485b4\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 58769568 b5f93f47e50fcd0fcdef16ceae742d13\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 1916830 39c250546337814cafb6b99376688fca\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 586310 b67e34b1919b7effb4c307ccbeab942e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_arm.deb\n Size/MD5 checksum: 47628 ebed30f79a3601c7daef49660661ad82\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 54578 1f3439b60f505b153b13c297747419eb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 2340648 3ab9d1562c560c7b9df184a38f9a6a11\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 615328 f023c06e4cff0f8d76b41d0096469d3a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 198252 a3a83f5be255320f2020d80df098dca9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 12958594 f88a9c7c2f21c7d8ab6c01419f0cea7f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_hppa.deb\n Size/MD5 checksum: 60479784 4c74b76cbf9032ffccb5294a93c17641\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 48572 cb473d812b961898fef36d16bab876ff\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 589088 5d671f8a6419358536a20b8d88c38ddf\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 10470634 83a3b24130b0300c6c05ebc9dbb3844c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 189910 6f6659128de512017cf29ca9c30a166a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 58697514 16d427016239a37293ed07e6ac26cc50\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_i386.deb\n Size/MD5 checksum: 1891518 875b689733c2d8fe806ba836e29eb324\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 2817188 76070b2545ca8cab7d49bfa31375c587\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 15784184 cfba69a4ce574d82ecf5f3242d1f58dc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 661962 446e3cb79b36ca09e887a9e0ceb3a855\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 62036 f619b963fbf6647837e31f7b1b4adbc4\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 204852 8ce30a3bcdd7c8344771ea5c9e333a1b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_ia64.deb\n Size/MD5 checksum: 59883636 95627f56e1033f33150f1f9d376003ef\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 191112 5906efb6ca3dbe054e906f7b22f08437\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 61481162 3fd870051ce1abb7d9f4f21795ed26f3\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 11153962 ff7b7663327bee5dc0047e1e19e86144\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 1959382 907240b378aa04bc7303b86920dc0ad0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 599576 fd0e3eaf3a9c2f0a8bccf9f0d86c9ec8\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_mips.deb\n Size/MD5 checksum: 50040 3aca9ae6ee5a6ae8f1aa84c5db300c88\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 191354 7eaf6aacbafbd0a4fdf44e7236c0938a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 49888 b292f596100550bebfa995d5257d9b94\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 59840188 850f4ce08b0844e113e9484d45599f4b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 1942296 f0debfbf60133383ac7cd6283651981a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 596036 6a83b253c357e53c2328d21465b0d86c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_mipsel.deb\n Size/MD5 checksum: 10906082 2283d8b033adae277eb068df1bb04934\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 2006544 e50dbd0672c095d1e17441eff098da90\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 61612928 d68c54f558206a0494b7e9120ddd66fb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 49364 6589fb88dcdc36db56fcc558682353ce\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 11304980 7fb0499168a1507a9a137fc45ae57ba1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 596288 143f9b6509e38ae9c7a70d3450b6c962\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_powerpc.deb\n Size/MD5 checksum: 192164 3f981a2dc64f14c66ee30e4178df2da1\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 60369514 fa3b32d386daf6fb0ce1f7d0b20840c7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 2185920 820309b77fcf5ac32c157e3708e6b5e2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 611780 d7e128a4914cf2a65a84e742b106ff24\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 54086 b3a90c69d912cea90c1478e3448f4616\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 197022 4613b8a9f393a8d6e950c6b2a0ecd1e6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_s390.deb\n Size/MD5 checksum: 12282472 96018b365bde6cb21ce2b822e8d68c9a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 585406 1205a79d265d0851ab47c422cf6fd9e6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 58513920 c86edaca6caf4c2313d602e0f5bacbc9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 189800 2eee769a043e3e8ab62ea64558982ee5\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 10653162 7672a64a0aded3237d111ddefcc16030\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 48158 1c3dbec97e1a32319e37a6fdcd1272ab\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_sparc.deb\n Size/MD5 checksum: 1896086 775e67f07235627084efa3f7a1850327\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2008-03-20T01:41:27", "published": "2008-03-20T01:41:27", "id": "DEBIAN:DSA-1506-2:54D82", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00092.html", "title": "[SECURITY] [DSA 1506-2] New iceape packages fix regression", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}