CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64
2012-07-30T00:00:00
ID OPENVAS:881378 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2018-01-01T00:00:00
Description
Check for the Version of thunderbird
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Mozilla Thunderbird is a standalone mail and newsgroup client.
A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious, remote content could cause
Thunderbird to run JavaScript code with the permissions of different remote
content. (CVE-2011-3648)
Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be restarted
for the update to take effect.";
tag_affected = "thunderbird on CentOS 5";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html");
script_id(881378);
script_version("$Revision: 8265 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $");
script_tag(name:"creation_date", value:"2012-07-30 17:37:41 +0530 (Mon, 30 Jul 2012)");
script_cve_id("CVE-2011-3648");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_xref(name: "CESA", value: "2011:1438");
script_name("CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64");
script_tag(name: "summary" , value: "Check for the Version of thunderbird");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~2.0.0.24~27.el5.centos", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "CentOS Local Security Checks", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html", "2011:1438"], "description": "Check for the Version of thunderbird", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "2890e79b4a0af941367a38fd8bbad348"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "a84f074c0278ce5cd1dcc6ef560341e6"}, {"key": "href", "hash": "c2a90d0974b9b7660ee26fff679feb0b"}, {"key": "modified", "hash": "c674c9e37d1c5d89439ad8b31faf82b3"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "18a07e38f44019042304edc4ba19a109"}, {"key": "published", "hash": "6ea70a7d389257fd5f5b73e33ed85e78"}, {"key": "references", "hash": "77918e6f481f9364676c05185db999c2"}, {"key": "reporter", "hash": "a282f166ddc6c378940071a6b738e1a3"}, {"key": "sourceData", "hash": "0f3ae558750d0ad4cdcb3871844b5f6e"}, {"key": "title", "hash": "50a6d889bacaa211d2d2ebf623d0a296"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=881378", "modified": "2018-01-01T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "id": "OPENVAS:881378", "title": "CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64", "hash": "af1e1278ceb3b99e7dd0d0b588e42edbb9222c868fadb95ae3d9b1cc8bd9a8d3", "edition": 3, "published": "2012-07-30T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-25T10:51:20", "bulletin": {"hash": "349e426b91c9e0763d269846577b763cb2356a4642db8c56981768b78249af9f", "viewCount": 0, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html", "2011:1438"], "description": "Check for the Version of thunderbird", "hashmap": [{"key": "title", "hash": "50a6d889bacaa211d2d2ebf623d0a296"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "sourceData", "hash": "9c93af07f60f07c402ce714a049dc22d"}, {"key": "description", "hash": "a84f074c0278ce5cd1dcc6ef560341e6"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "cvelist", "hash": "2890e79b4a0af941367a38fd8bbad348"}, {"key": "references", "hash": "77918e6f481f9364676c05185db999c2"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "href", "hash": "c2a90d0974b9b7660ee26fff679feb0b"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "reporter", "hash": "a282f166ddc6c378940071a6b738e1a3"}, {"key": "pluginID", "hash": "18a07e38f44019042304edc4ba19a109"}, {"key": "published", "hash": "6ea70a7d389257fd5f5b73e33ed85e78"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}], "naslFamily": "CentOS Local Security Checks", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=881378", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"value": 4.3, "modified": "2017-07-25T10:51:20"}}, "id": "OPENVAS:881378", "title": "CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64", "bulletinFamily": "scanner", "edition": 2, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\");\n script_id(881378);\n script_version(\"$Revision: 6654 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:17 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:37:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~27.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2011-3648"], "lastseen": "2017-07-25T10:51:20", "pluginID": "881378"}, "differentElements": ["modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:10:55", "bulletin": {"hash": "c0012cbc1c464da97972e3fe4129f4b127720699bdd421387852556acc249d04", "viewCount": 0, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html", "2011:1438"], "description": "Check for the Version of thunderbird", "hashmap": [{"key": "title", "hash": "50a6d889bacaa211d2d2ebf623d0a296"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "a84f074c0278ce5cd1dcc6ef560341e6"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "cvelist", "hash": "2890e79b4a0af941367a38fd8bbad348"}, {"key": "references", "hash": "77918e6f481f9364676c05185db999c2"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "sourceData", "hash": "792b6e3888c536df0876268583c55124"}, {"key": "href", "hash": "c2a90d0974b9b7660ee26fff679feb0b"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "reporter", "hash": "a282f166ddc6c378940071a6b738e1a3"}, {"key": "pluginID", "hash": "18a07e38f44019042304edc4ba19a109"}, {"key": "published", "hash": "6ea70a7d389257fd5f5b73e33ed85e78"}, {"key": "modified", "hash": "4b12e77cf198e92cf370a790f8532543"}], "naslFamily": "CentOS Local Security Checks", "modified": "2016-04-07T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=881378", "published": "2012-07-30T00:00:00", "enchantments": {}, "id": "OPENVAS:881378", "title": "CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\");\n script_id(881378);\n script_version(\"$Revision: 3007 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-04-07 14:44:10 +0200 (Thu, 07 Apr 2016) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:37:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~27.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2011-3648"], "lastseen": "2017-07-02T21:10:55", "pluginID": "881378"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2011-3648"], "lastseen": "2018-01-02T10:58:17", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\");\n script_id(881378);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:37:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~27.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "881378"}
{"cve": [{"lastseen": "2017-09-19T13:37:55", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=690225", "http://www.redhat.com/support/errata/RHSA-2011-1439.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html", "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html"], "description": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.", "edition": 2, "reporter": "NVD", "published": "2011-11-09T06:55:03", "title": "CVE-2011-3648", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:55", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14212", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14212"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-3648"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14212", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14212"}], "modified": "2017-09-18T21:34:01", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1"], "id": "CVE-2011-3648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3648", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:12", "references": ["https://rhn.redhat.com/errata/RHSA-2011-1440.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-77.el4.centos", "arch": "i686", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-77.el4.centos.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:1440\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause SeaMonkey to run JavaScript code with the permissions of a\ndifferent website. (CVE-2011-3648)\n \nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018181.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018182.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1440.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-11-09T15:48:43", "title": "seamonkey security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "modified": "2011-11-09T15:48:43", "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018181.html", "id": "CESA-2011:1440", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-03T18:25:07", "references": ["https://rhn.redhat.com/errata/RHSA-2011-1438.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-45.el4.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-45.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-27.el5.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-27.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-45.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-45.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-45.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-45.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-45.el4.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-45.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-27.el5.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-27.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-27.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-27.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-27.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-27.el5.centos.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:1438\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious, remote content could cause\nThunderbird to run JavaScript code with the permissions of different remote\ncontent. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially-crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It could be\nexploited another way in Thunderbird, for example, when viewing the full\nremote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be restarted\nfor the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018183.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018184.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018189.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1438.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-11-09T15:49:13", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "modified": "2011-11-09T16:07:21", "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018183.html", "id": "CESA-2011:1438", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-03T18:24:32", "references": ["https://rhn.redhat.com/errata/RHSA-2011-1437.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.24-3.el4.centos", "packageFilename": "firefox-3.6.24-3.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.24-3.el4.centos", "packageFilename": "firefox-3.6.24-3.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.24-3.el5.centos", "packageFilename": "firefox-3.6.24-3.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.24-3.el5.centos", "packageFilename": "firefox-3.6.24-3.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.24-3.el4.centos", "packageFilename": "firefox-3.6.24-3.el4.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.24-3.el5.centos", "packageFilename": "firefox-3.6.24-3.el5.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-1.9.2.24-2.el5_7.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-1.9.2.24-2.el5_7.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.24-3.el5.centos", "packageFilename": "firefox-3.6.24-3.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.24-3.el5.centos", "packageFilename": "firefox-3.6.24-3.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.24-3.el4.centos", "packageFilename": "firefox-3.6.24-3.el4.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-1.9.2.24-2.el5_7.x86_64.rpm", "packageName": "xulrunner", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-devel-1.9.2.24-2.el5_7.x86_64.rpm", "packageName": "xulrunner-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-1.9.2.24-2.el5_7.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.24-2.el5_7", "packageFilename": "xulrunner-1.9.2.24-2.el5_7.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:1437\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in the way Firefox handled certain add-ons. A web page\ncontaining malicious content could cause an add-on to grant itself full\nbrowser privileges, which could lead to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-3647)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2011-3648)\n\nA flaw was found in the way Firefox handled large JavaScript scripts. A web\npage containing malicious JavaScript could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-3650)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.24. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.24, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018179.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018180.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018187.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018188.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1437.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-11-09T15:48:22", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "firefox, xulrunner security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-09T16:06:53", "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018179.html", "id": "CESA-2011:1437", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:05", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-77.0.1.el4.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-77.0.1.el4.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-77.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-77.0.1.el4.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}], "description": "[1.0.9-77.0.1.el4]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-77.el4]\n- Added fixes from 1.9.2.24", "edition": 3, "reporter": "Oracle", "published": "2011-11-09T00:00:00", "title": "seamonkey security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "modified": "2011-11-09T00:00:00", "id": "ELSA-2011-1440", "href": "http://linux.oracle.com/errata/ELSA-2011-1440.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:44:10", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-45.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-45.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-45.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and\n remove thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-45]\n- Added fixes from 1.9.2.24", "edition": 3, "reporter": "Oracle", "published": "2011-11-09T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "modified": "2011-11-09T00:00:00", "id": "ELSA-2011-1438", "href": "http://linux.oracle.com/errata/ELSA-2011-1438.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:44:18", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.1.16-2.0.1.el6_1", "arch": "x86_64", "packageFilename": "thunderbird-3.1.16-2.0.1.el6_1.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.1.16-2.0.1.el6_1", "arch": "src", "packageFilename": "thunderbird-3.1.16-2.0.1.el6_1.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.1.16-2.0.1.el6_1", "arch": "src", "packageFilename": "thunderbird-3.1.16-2.0.1.el6_1.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.1.16-2.0.1.el6_1", "arch": "i686", "packageFilename": "thunderbird-3.1.16-2.0.1.el6_1.i686.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[3.1.16-2.0.1.el6_1]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.16-2]\n- Update to 3.1.16", "edition": 3, "reporter": "Oracle", "published": "2011-11-09T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-09T00:00:00", "id": "ELSA-2011-1439", "href": "http://linux.oracle.com/errata/ELSA-2011-1439.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:43", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.6.24-3.0.1.el6_1", "arch": "i686", "packageFilename": "firefox-3.6.24-3.0.1.el6_1.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.6.24-3.0.1.el6_1", "arch": "i686", "packageFilename": "firefox-3.6.24-3.0.1.el6_1.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "i686", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el6_1.1.i686.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "i686", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el6_1.1.i686.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "i386", "packageFilename": "firefox-3.6.24-3.0.1.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "x86_64", "packageFilename": "firefox-3.6.24-3.0.1.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "x86_64", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el6_1.1.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "i686", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el6_1.1.i686.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "i686", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el6_1.1.i686.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "ia64", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el5_7.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el5_7.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "i386", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "i386", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "x86_64", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "x86_64", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.6.24-3.0.1.el6_1", "arch": "x86_64", "packageFilename": "firefox-3.6.24-3.0.1.el6_1.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "src", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "src", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "src", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "src", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el6_1.1.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "src", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el6_1.1.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "i386", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.24-3.0.1.el5_7", "arch": "i386", "packageFilename": "firefox-3.6.24-3.0.1.el5_7.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.6.24-3.0.1.el6_1", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el6_1.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.6.24-3.0.1.el6_1", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el6_1.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.9.2.24-2.0.1.el6_1.1", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el6_1.1.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "ia64", "packageFilename": "xulrunner-1.9.2.24-2.0.1.el5_7.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.24-3.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.24-3.0.1.el4", "arch": "ia64", "packageFilename": "firefox-3.6.24-3.0.1.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el5_7.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.24-2.0.1.el5_7", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.2.24-2.0.1.el5_7.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}], "description": "firefox:\n[3.6.24-3.0.1.el6_1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n[3.6.24-3]\n- Update to 3.6.24\nxulrunner:\n[1.9.2.24-2.0.1.el6_1.1]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.24-2]\n- Update to 1.9.2.24", "edition": 3, "reporter": "Oracle", "published": "2011-11-09T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-09T00:00:00", "id": "ELSA-2011-1437", "href": "http://linux.oracle.com/errata/ELSA-2011-1437.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-02T00:00:42", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html", "2011:1438"], "pluginID": "1361412562310881378", "description": "Check for the Version of thunderbird", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881378\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:37:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~27.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:32", "references": ["2011:1438", "http://lists.centos.org/pipermail/centos-announce/2011-November/018189.html"], "pluginID": "881034", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "title": "CentOS Update for thunderbird CESA-2011:1438 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881034", "id": "OPENVAS:881034", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n\n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018189.html\");\n script_id(881034);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:25 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos5 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~27.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:55:16", "references": ["2011:1440-01", "https://www.redhat.com/archives/rhsa-announce/2011-November/msg00009.html"], "pluginID": "870512", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "title": "RedHat Update for seamonkey RHSA-2011:1440-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870512", "id": "OPENVAS:870512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2011:1440-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n A cross-site scripting (XSS) flaw was found in the way SeaMonkey handled\n certain multibyte character sets. A web page containing malicious content\n could cause SeaMonkey to run JavaScript code with the permissions of a\n different website. (CVE-2011-3648)\n\n All SeaMonkey users should upgrade to these updated packages, which correct\n this issue. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00009.html\");\n script_id(870512);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:53:18 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1440-01\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"RedHat Update for seamonkey RHSA-2011:1440-01\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~77.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:27", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018183.html", "2011:1438"], "pluginID": "881041", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "CentOS Update for thunderbird CESA-2011:1438 centos4 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881041", "id": "OPENVAS:881041", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n\n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018183.html\");\n script_id(881041);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:50 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos4 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-08T12:56:40", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018182.html", "2011:1440"], "pluginID": "881280", "description": "Check for the Version of seamonkey", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "CentOS Update for seamonkey CESA-2011:1440 centos4 x86_64", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-01-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881280", "id": "OPENVAS:881280", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2011:1440 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n A cross-site scripting (XSS) flaw was found in the way SeaMonkey handled\n certain multibyte character sets. A web page containing malicious content\n could cause SeaMonkey to run JavaScript code with the permissions of a\n different website. (CVE-2011-3648)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n this issue. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018182.html\");\n script_id(881280);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:15:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1440\");\n script_name(\"CentOS Update for seamonkey CESA-2011:1440 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~77.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:25", "references": ["2011:1438", "http://lists.centos.org/pipermail/centos-announce/2011-November/018184.html"], "pluginID": "881262", "description": "Check for the Version of thunderbird", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881262", "id": "OPENVAS:881262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018184.html\");\n script_id(881262);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:23", "references": ["2011:1438", "http://lists.centos.org/pipermail/centos-announce/2011-November/018184.html"], "pluginID": "1361412562310881262", "description": "Check for the Version of thunderbird", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n \n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018184.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881262\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3648\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:52", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-November/018183.html", "2011:1438"], "pluginID": "1361412562310881041", "description": "Check for the Version of thunderbird", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "title": "CentOS Update for thunderbird CESA-2011:1438 centos4 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881041", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2011:1438 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n\n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018183.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881041\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:50 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1438\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"CentOS Update for thunderbird CESA-2011:1438 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-23T15:18:45", "references": ["2011:1438-01", "https://www.redhat.com/archives/rhsa-announce/2011-November/msg00007.html"], "pluginID": "1361412562310870514", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "title": "RedHat Update for thunderbird RHSA-2011:1438-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2011:1438-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870514\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:53:30 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:1438-01\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"RedHat Update for thunderbird RHSA-2011:1438-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n\n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~45.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:55:28", "references": ["2011:1438-01", "https://www.redhat.com/archives/rhsa-announce/2011-November/msg00007.html"], "pluginID": "870514", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-11-11T00:00:00", "title": "RedHat Update for thunderbird RHSA-2011:1438-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870514", "id": "OPENVAS:870514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2011:1438-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious, remote content could cause\n Thunderbird to run JavaScript code with the permissions of different remote\n content. (CVE-2011-3648)\n\n Note: This issue cannot be exploited by a specially-crafted HTML mail\n message as JavaScript is disabled by default for mail messages. It could be\n exploited another way in Thunderbird, for example, when viewing the full\n remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n resolves this issue. All running instances of Thunderbird must be restarted\n for the update to take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00007.html\");\n script_id(870514);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:53:30 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1438-01\");\n script_cve_id(\"CVE-2011-3648\");\n script_name(\"RedHat Update for thunderbird RHSA-2011:1438-01\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~45.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~45.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-11T13:01:22", "references": ["http://www.nessus.org/u?6d11cf27", "http://www.nessus.org/u?ed5b2ae0"], "pluginID": "56783", "description": "Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-11-14T00:00:00", "title": "CentOS 4 : seamonkey (CESA-2011:1440)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey-mail", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-chat", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-devel"], "id": "CENTOS_RHSA-2011-1440.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1440 and \n# CentOS Errata and Security Advisory 2011:1440 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56783);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1440\");\n\n script_name(english:\"CentOS 4 : seamonkey (CESA-2011:1440)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey\nhandled certain multibyte character sets. A web page containing\nmalicious content could cause SeaMonkey to run JavaScript code with\nthe permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018181.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d11cf27\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018182.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed5b2ae0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-77.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-77.el4.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:38:56", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-November/002458.html"], "pluginID": "68385", "description": "From Red Hat Security Advisory 2011:1438 :\n\nAn updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : thunderbird (ELSA-2011-1438)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-1438.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1438 and \n# Oracle Linux Security Advisory ELSA-2011-1438 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68385);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1438\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2011-1438)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1438 :\n\nAn updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious, remote content\ncould cause Thunderbird to run JavaScript code with the permissions of\ndifferent remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002458.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"thunderbird-1.5.0.12-45.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-11T12:39:25", "references": ["http://www.nessus.org/u?5b5067a4", "http://www.nessus.org/u?a7011d23", "http://www.nessus.org/u?9e022d95", "http://www.nessus.org/u?fe497e27"], "pluginID": "56782", "description": "An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-11-14T00:00:00", "title": "CentOS 4 / 5 : thunderbird (CESA-2011:1438)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1438.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56782", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1438 and \n# CentOS Errata and Security Advisory 2011:1438 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56782);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1438\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2011:1438)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious, remote content\ncould cause Thunderbird to run JavaScript code with the permissions of\ndifferent remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018183.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7011d23\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018184.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e022d95\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018189.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe497e27\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018190.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b5067a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"thunderbird-1.5.0.12-45.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"thunderbird-1.5.0.12-45.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-2.0.0.24-27.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-27T05:15:41", "references": ["https://access.redhat.com/security/cve/cve-2011-3648", "https://access.redhat.com/errata/RHSA-2011:1440"], "pluginID": "56744", "description": "Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "edition": 8, "reporter": "Tenable", "published": "2011-11-09T00:00:00", "title": "RHEL 4 : seamonkey (RHSA-2011:1440)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-11-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector"], "id": "REDHAT-RHSA-2011-1440.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56744", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1440. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56744);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1440\");\n\n script_name(english:\"RHEL 4 : seamonkey (RHSA-2011:1440)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey\nhandled certain multibyte character sets. A web page containing\nmalicious content could cause SeaMonkey to run JavaScript code with\nthe permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1440\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1440\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-77.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-77.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-77.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-77.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-77.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-77.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-27T05:18:44", "references": ["https://access.redhat.com/security/cve/cve-2011-3648", "https://access.redhat.com/errata/RHSA-2011:1438"], "pluginID": "56742", "description": "An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2011-11-09T00:00:00", "title": "RHEL 4 / 5 : thunderbird (RHSA-2011:1438)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-11-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2011-1438.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1438. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56742);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1438\");\n\n script_name(english:\"RHEL 4 / 5 : thunderbird (RHSA-2011:1438)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious, remote content\ncould cause Thunderbird to run JavaScript code with the permissions of\ndifferent remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1438\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1438\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.5.0.12-45.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-2.0.0.24-27.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-2.0.0.24-27.el5_7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:10:33", "references": ["http://www.nessus.org/u?0792f37d"], "pluginID": "61172", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111108_SEAMONKEY_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61172);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:56 $\");\n\n script_cve_id(\"CVE-2011-3648\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey\nhandled certain multibyte character sets. A web page containing\nmalicious content could cause SeaMonkey to run JavaScript code with\nthe permissions of a different website. (CVE-2011-3648) All SeaMonkey\nusers should upgrade to these updated packages, which correct this\nissue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=1488\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0792f37d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-debuginfo-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-77.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-77.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:52:23", "references": ["http://www.nessus.org/u?a350531f"], "pluginID": "61173", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111108_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61173", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61173);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3648\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious, remote content\ncould cause Thunderbird to run JavaScript code with the permissions of\ndifferent remote content. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=1223\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a350531f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-45.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-debuginfo-1.5.0.12-45.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-2.0.0.24-27.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-2.0.0.24-27.el5_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:46:02", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-November/002459.html"], "pluginID": "68387", "description": "From Red Hat Security Advisory 2011:1440 :\n\nUpdated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : seamonkey (ELSA-2011-1440)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-chat"], "id": "ORACLELINUX_ELSA-2011-1440.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68387", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1440 and \n# Oracle Linux Security Advisory ELSA-2011-1440 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68387);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2011-3648\");\n script_xref(name:\"RHSA\", value:\"2011:1440\");\n\n script_name(english:\"Oracle Linux 4 : seamonkey (ELSA-2011-1440)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1440 :\n\nUpdated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey\nhandled certain multibyte character sets. A web page containing\nmalicious content could cause SeaMonkey to run JavaScript code with\nthe permissions of a different website. (CVE-2011-3648)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002459.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-77.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-77.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-77.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-77.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-77.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-77.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:39", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-November/002455.html"], "pluginID": "68386", "description": "From Red Hat Security Advisory 2011:1439 :\n\nAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in the way Thunderbird handled certain add-ons.\nMalicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-3647)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)\n\nA flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3650)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2011-1439)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2011-1439.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1439 and \n# Oracle Linux Security Advisory ELSA-2011-1439 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68386);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-3647\", \"CVE-2011-3648\", \"CVE-2011-3650\");\n script_bugtraq_id(50589, 50593, 50595);\n script_xref(name:\"RHSA\", value:\"2011:1439\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2011-1439)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1439 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in the way Thunderbird handled certain add-ons.\nMalicious, remote content could cause an add-on to elevate its\nprivileges, which could lead to arbitrary code execution with the\nprivileges of the user running Thunderbird. (CVE-2011-3647)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious, remote content\ncould cause Thunderbird to run JavaScript code with the permissions of\ndifferent remote content. (CVE-2011-3648)\n\nA flaw was found in the way Thunderbird handled large JavaScript\nscripts. Malicious, remote content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2011-3650)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002455.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-3.1.16-2.0.1.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:51", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2011-49/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46/"], "pluginID": "56752", "description": "The installed version of Thunderbird 3.1.x is earlier than 3.1.16 and is potentially affected by the following vulnerabilities:\n\n - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could exploit this issue to execute arbitrary code.\n (CVE-2011-3647)\n\n - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. (CVE-2011-3648)\n\n - Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)", "edition": 6, "reporter": "Tenable", "published": "2011-11-09T00:00:00", "title": "Mozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_3116.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56752", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56752);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\"CVE-2011-3647\", \"CVE-2011-3648\", \"CVE-2011-3650\");\n script_bugtraq_id(50589, 50593, 50595);\n\n script_name(english:\"Mozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1.x is earlier than 3.1.16 and\nis potentially affected by the following vulnerabilities:\n\n - There is an error within the JSSubScriptLoader that\n incorrectly unwraps 'XPCNativeWrappers'. By tricking\n a user into installing a malicious plug-in, an attacker\n could exploit this issue to execute arbitrary code.\n (CVE-2011-3647)\n\n - Certain invalid sequences are not handled properly in\n 'Shift-JIS' encoding and can allow cross-site scripting\n attacks. (CVE-2011-3648)\n\n - Profiling JavaScript files with many functions can cause\n the application to crash. It may be possible to trigger\n this behavior even when the debugging APIs are not being\n used. (CVE-2011-3650)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.16', min:'3.1.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "references": [], "description": "Mozilla Foundation Security Advisory 2011-47\r\n\r\nTitle: Potential XSS against sites using Shift-JIS\r\nImpact: High\r\nAnnounced: November 8, 2011\r\nReporter: Yosuke Hasegawa\r\nProducts: Firefox, Thunderbird\r\n\r\nFixed in: Firefox 8.0\r\n Firefox 3.6.24\r\n Thunderbird 8.0\r\n Thunderbird 3.1.16\r\nDescription\r\n\r\nYosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a single unknown character rather than an unknown character followed by a valid single-byte character. On some sites attackers may have been able to end their input with the first byte of a two byte sequence; when that input was later put into a page context it might cause the following delimiter (such as a double-quote) to be consumed, breaking the format of the page. Depending on the page this could potentially be used to steal data or inject script into the page.\r\n\r\nReferences\r\n\r\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=690225\r\nCVE-2011-3648", "edition": 1, "reporter": "Securityvulns", "published": "2011-11-25T00:00:00", "title": "Mozilla Foundation Security Advisory 2011-47", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:42", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-3648"], "modified": "2011-11-25T00:00:00", "id": "SECURITYVULNS:DOC:27343", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27343", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:45", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27347", "https://vulners.com/securityvulns/securityvulns:doc:27346", "https://vulners.com/securityvulns/securityvulns:doc:27345", "https://vulners.com/securityvulns/securityvulns:doc:27343", "https://vulners.com/securityvulns/securityvulns:doc:27348", "https://vulners.com/securityvulns/securityvulns:doc:27344", "https://vulners.com/securityvulns/securityvulns:doc:27342"], "description": "Crossite scripting, code execution, memory corruptions, information leakage.", "edition": 1, "reporter": "MOZILLA", "published": "2011-11-25T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:45", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "3.6", "operator": "eq"}, {"name": "Firefox", "version": "8.0", "operator": "eq"}, {"name": "Thunderbird", "version": "8.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.1", "operator": "eq"}], "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-25T00:00:00", "id": "SECURITYVULNS:VULN:12053", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12053", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:55", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-77.el4", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-77.el4.x86_64.rpm", "operator": "lt"}], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA cross-site scripting (XSS) flaw was found in the way SeaMonkey handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause SeaMonkey to run JavaScript code with the permissions of a\ndifferent website. (CVE-2011-3648)\n \nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "reporter": "RedHat", "published": "2011-11-08T05:00:00", "type": "redhat", "title": "(RHSA-2011:1440) Moderate: seamonkey security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:14:35", "id": "RHSA-2011:1440", "href": "https://access.redhat.com/errata/RHSA-2011:1440", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:41:26", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-45.el4", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-45.el4.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious, remote content could cause\nThunderbird to run JavaScript code with the permissions of different remote\ncontent. (CVE-2011-3648)\n\nNote: This issue cannot be exploited by a specially-crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It could be\nexploited another way in Thunderbird, for example, when viewing the full\nremote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be restarted\nfor the update to take effect.\n", "reporter": "RedHat", "published": "2011-11-08T05:00:00", "type": "redhat", "title": "(RHSA-2011:1438) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:19:48", "id": "RHSA-2011:1438", "href": "https://access.redhat.com/errata/RHSA-2011:1438", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:43:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.24-3.el4", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-3.6.24-3.el4.ia64.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in the way Firefox handled certain add-ons. A web page\ncontaining malicious content could cause an add-on to grant itself full\nbrowser privileges, which could lead to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-3647)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2011-3648)\n\nA flaw was found in the way Firefox handled large JavaScript scripts. A web\npage containing malicious JavaScript could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-3650)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.24. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.24, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2011-11-08T05:00:00", "type": "redhat", "title": "(RHSA-2011:1437) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:33", "id": "RHSA-2011:1437", "href": "https://access.redhat.com/errata/RHSA-2011:1437", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:54", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.16-2.el6_1", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.16-2.el6_1.i686.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in the way Thunderbird handled certain add-ons. Malicious,\nremote content could cause an add-on to elevate its privileges, which could\nlead to arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-3647)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious, remote content could cause\nThunderbird to run JavaScript code with the permissions of different\nremote content. (CVE-2011-3648)\n\nA flaw was found in the way Thunderbird handled large JavaScript scripts.\nMalicious, remote content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-3650)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-11-08T05:00:00", "type": "redhat", "title": "(RHSA-2011:1439) Critical: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:18", "id": "RHSA-2011:1439", "href": "https://access.redhat.com/errata/RHSA-2011:1439", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:54", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.11-9", "arch": "all", "packageFilename": "iceape_2.0.11-9_all.deb", "packageName": "iceape", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2342-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 09, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-3647\n\n "moz_bug_r_a4" discovered a privilege escalation vulnerability in\n addon handling. \n\nCVE-2011-3648\n\n Yosuke Hasegawa discovered that incorrect handling of Shift-JIS \n encodings could lead to cross-site scripting.\n\nCVE-2011-3650\n\n Marc Schoenefeld discovered that profiling the Javascript code\n could lead to memory corruption.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-9.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-9.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-11-09T17:27:12", "title": "[SECURITY] [DSA 2342-1] iceape security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:54", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-09T17:27:12", "id": "DEBIAN:DSA-2342-1:4E4BA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00219.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:13", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "icewease_1.9.0.19-15_all.deb", "packageName": "icewease", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "icewease_3.5.16-11_all.deb", "packageName": "icewease", "operator": "lt"}], "description": "I uploaded new packages for icewease which fixed the following\nsecurity problems:\n\nCVE-2011-3647\n\n "moz_bug_r_a4" discovered a privilege escalation vulnerability in\n addon handling.\n\nCVE-2011-3648\n\n Yosuke Hasegawa discovered that incorrect handling of Shift-JIS\n encodings could lead to cross-site scripting.\n\nCVE-2011-3650\n\n Marc Schoenefeld discovered that profiling the Javascript code\n could lead to memory corruption.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-15 of the xulrunner source package.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-11~bpo50+1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-11.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 1, "reporter": "Debian", "published": "2011-11-16T11:46:20", "title": "[BSA-056] Security update for Iceweasel", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:13", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-16T11:46:20", "id": "DEBIAN:BSA-056:3C3C5", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201111/msg00003.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:53", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "xulrunner-dev_1.9.0.19-15_all.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-15_all.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "libmozjs-dev_1.9.0.19-15_all.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "libmozillainterfaces-java_1.9.0.19-15_all.deb", "packageName": "libmozillainterfaces-java", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "xulrunner-dev_3.5.16-11_all.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "iceweasel-dbg_3.5.16-11_all.deb", "packageName": "iceweasel-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "libmozjs2d-dbg_3.5.16-11_all.deb", "packageName": "libmozjs2d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-15_all.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "libmozjs1d-dbg_1.9.0.19-15_all.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "xulrunner_1.9.0.19-15_all.deb", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "iceweasel_3.5.16-11_all.deb", "packageName": "iceweasel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "xulrunner-1.9.1_3.5.16-11_all.deb", "packageName": "xulrunner-1.9.1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "xulrunner-1.9.1-dbg_3.5.16-11_all.deb", "packageName": "xulrunner-1.9.1-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "libmozjs-dev_3.5.16-11_all.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "xulrunner-1.9_1.9.0.19-15_all.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "libmozjs2d_3.5.16-11_all.deb", "packageName": "libmozjs2d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "spidermonkey-bin_1.9.0.19-15_all.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "libmozjs1d_1.9.0.19-15_all.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.5.16-11", "arch": "all", "packageFilename": "spidermonkey-bin_3.5.16-11_all.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-15", "arch": "all", "packageFilename": "python-xpcom_1.9.0.19-15_all.deb", "packageName": "python-xpcom", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2341-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 09, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 \n\nSeveral vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.\n\nCVE-2011-3647\n\n "moz_bug_r_a4" discovered a privilege escalation vulnerability in\n addon handling. \n\nCVE-2011-3648\n\n Yosuke Hasegawa discovered that incorrect handling of Shift-JIS \n encodings could lead to cross-site scripting.\n\nCVE-2011-3650\n\n Marc Schoenefeld discovered that profiling the Javascript code\n could lead to memory corruption.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-15 of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-11.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-11-09T17:00:08", "title": "[SECURITY] [DSA 2341-1] iceweasel security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:53", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-09T17:00:08", "id": "DEBIAN:DSA-2341-1:8091B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00218.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:16", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "3.0.11-1+squeeze6", "arch": "all", "packageFilename": "icedove_3.0.11-1+squeeze6_all.deb", "packageName": "icedove", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.0.11-1+squeeze6", "arch": "all", "packageFilename": "icedove-dbg_3.0.11-1+squeeze6_all.deb", "packageName": "icedove-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.0.11-1+squeeze6", "arch": "all", "packageFilename": "icedove-dev_3.0.11-1+squeeze6_all.deb", "packageName": "icedove-dev", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2345-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nNovember 11, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650\n\nSeveral vulnerabilities have been discovered in Icedove, a mail client\nbased on Thunderbird.\n\nCVE-2011-3647\n The JSSubScriptLoader does not properly handle\n XPCNativeWrappers during calls to the loadSubScript method in\n an add-on, which makes it easier for remote attackers to gain\n privileges via a crafted web site that leverages certain\n unwrapping behavior.\n\nCVE-2011-3648\n\tA cross-site scripting (XSS) vulnerability allows remote\n\tattackers to inject arbitrary web script or HTML via crafted\n\ttext with Shift JIS encoding.\n\nCVE-2011-3650 \n Iceweasel does not properly handle JavaScript files that\n\tcontain many functions, which allows user-assisted remote\n\tattackers to cause a denial of service (memory corruption and\n\tapplication crash) or possibly have unspecified other impact\n\tvia a crafted file that is accessed by debugging APIs, as\n\tdemonstrated by Firebug.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze6.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 3.1.15-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-11-11T21:26:36", "title": "[SECURITY] [DSA 2345-1] icedove security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:16", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-11T21:26:36", "id": "DEBIAN:DSA-2345-1:67B2D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00222.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:18", "references": ["https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-3.1.16-0.23.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.1.2+3.1.16-0.23.1", "packageName": "enigmail", "packageFilename": "enigmail-1.1.2+3.1.16-0.23.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-common", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-other-32bit", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-3.1.16-0.23.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-3.1.16-0.23.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-other", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-buildsymbols", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-other", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-buildsymbols", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-3.6.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-3.6.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-3.1.16-0.23.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.5-17.3.1", "packageName": "MozillaFirefox-branding-openSUSE", "packageFilename": "MozillaFirefox-branding-openSUSE-3.5-17.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-js192-32bit", "packageFilename": "mozilla-js192-32bit-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-js192", "packageFilename": "mozilla-js192-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-common", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-3.1.16-0.23.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-3.6.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.1.2+3.1.16-0.23.1", "packageName": "enigmail", "packageFilename": "enigmail-1.1.2+3.1.16-0.23.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-3.1.16-0.23.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.5-17.3.1", "packageName": "MozillaFirefox-branding-openSUSE", "packageFilename": "MozillaFirefox-branding-openSUSE-3.5-17.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-js192", "packageFilename": "mozilla-js192-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-3.1.16-0.23.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-3.6.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-translations-common-32bit", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.24-0.2.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.24-0.2.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.1.16-0.23.1", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-3.1.16-0.23.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "MozillaFirefox has been updated to version 3.6.24 to fix\n the following security issues:\n\n * MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript\n unwraps XPCNativeWrapper scope parameter\n * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS\n against sites using Shift-JIS\n * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption\n while profiling using Firebug\n\n", "edition": 1, "reporter": "Suse", "published": "2011-11-15T15:08:31", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "MozillaFirefox (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-15T15:08:31", "id": "OPENSUSE-SU-2011:1242-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00015.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:03", "references": ["http://download.novell.com/patch/finder/?keywords=a9702913279a83a089e38e9d764a8ce1", "https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-3.6.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.5.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.5.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.6.24-0.5.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.9.2.24-0.5.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "MozillaFirefox has been updated to version 3.6.24 to fix\n the following security issues:\n\n * MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper\n scope parameter ( CVE-2011-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647</a>\n > )\n * MFSA 2011-47 Potential XSS against sites using\n Shift-JIS ( CVE-2011-3648\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648</a>\n > )\n * MFSA 2011-49 Memory corruption while profiling using\n Firebug ( CVE-2011-3650\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650</a>\n > )\n\n\n", "edition": 1, "reporter": "Suse", "published": "2011-11-18T22:08:45", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for MozillaFirefox (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647"], "modified": "2011-11-18T22:08:45", "id": "SUSE-SU-2011:1266-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00024.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "references": ["https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-js192", "packageFilename": "mozilla-js192-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-common", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-other", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "5.0-2.5.1", "packageName": "MozillaFirefox-branding-openSUSE", "packageFilename": "MozillaFirefox-branding-openSUSE-5.0-2.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-common-32bit", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-buildsymbols", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.1.2+3.1.16-0.19.2", "packageName": "enigmail", "packageFilename": "enigmail-1.1.2+3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.1.2+3.1.16-0.19.2", "packageName": "enigmail", "packageFilename": "enigmail-1.1.2+3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-other", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-3.1.16-0.19.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-js192", "packageFilename": "mozilla-js192-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-common", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "5.0-2.5.1", "packageName": "MozillaFirefox-branding-openSUSE", "packageFilename": "MozillaFirefox-branding-openSUSE-5.0-2.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-buildsymbols", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-8.0-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.1.16-0.19.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-3.1.16-0.19.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-xulrunner192-translations-other-32bit", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "8.0-0.2.2", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-8.0-0.2.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.9.2.24-0.2.2", "packageName": "mozilla-js192-32bit", "packageFilename": "mozilla-js192-32bit-1.9.2.24-0.2.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "MozillaFirefox was updated to version 8 (bnc#728520) to fix\n the following security issues:\n\n * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS\n against sites using Shift-JIS\n * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654\n Miscellaneous memory safety hazards\n * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory\n corruption while profiling using Firebug\n * MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution\n via NoWaiverWrapper\n - rebased patches\n\n", "edition": 1, "reporter": "Suse", "published": "2011-11-15T15:08:39", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "MozillaFirefox secuirty update (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-15T15:08:39", "id": "OPENSUSE-SU-2011:1243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:41", "references": ["http://download.novell.com/patch/finder/?keywords=c78d5ba357ca9d7cf302f1609efa467f", "https://bugzilla.novell.com/726096", "https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.2", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.3.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.2", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.3.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations-x86", "packageFilename": "mozilla-xulrunner192-translations-x86-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-x86", "packageFilename": "mozilla-xulrunner192-x86-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome-x86", "packageFilename": "mozilla-xulrunner192-gnome-x86-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.2", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.3.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-x86", "packageFilename": "mozilla-nss-x86-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.24-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-x86", "packageFilename": "libfreebl3-x86-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.24-0.3.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.6.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.13.1-0.2.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.13.1-0.2.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.13.1-0.2.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192-devel", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.24-0.3.1", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.24-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "MozillaFirefox has been updated to version 1.9.2.24\n (bnc#728520) to fix the following security issues:\n\n * MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript\n unwraps XPCNativeWrapper scope parameter\n * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS\n against sites using Shift-JIS\n * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory\n corruption while profiling using Firebug\n", "edition": 1, "reporter": "Suse", "published": "2011-11-17T23:08:23", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for Mozilla Firefox (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-2998", "CVE-2011-2372", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-2996", "CVE-2011-3651", "CVE-2011-3000", "CVE-2011-3655", "CVE-2011-2999", "CVE-2011-3001"], "modified": "2011-11-17T23:08:23", "id": "SUSE-SU-2011:1256-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:07", "references": ["https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-2.5-0.2.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.5-0.2.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.5-0.2.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.5-0.2.1", "arch": "i586", "packageFilename": "seamonkey-2.5-0.2.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}], "description": "Seamonkey was upgraded to version 2.5 in order to fix the\n following security problems:\n\n * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS\n against sites using Shift-JIS\n\n * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654\n Miscellaneous memory safety hazards\n\n * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption\n while profiling using Firebug\n\n * MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution\n via NoWaiverWrapper\n\n", "edition": 1, "reporter": "Suse", "published": "2011-12-01T15:08:20", "title": "Seamonkey update (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3640", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-2372", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-2996", "CVE-2011-3651", "CVE-2011-3000", "CVE-2011-3655", "CVE-2011-2999", "CVE-2011-3001"], "modified": "2011-12-01T15:08:20", "id": "OPENSUSE-SU-2011:1290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:19", "references": ["http://download.novell.com/patch/finder/?keywords=d38a557341c2b284b12c5c1e21800a6d", "https://bugzilla.novell.com/726096", "https://bugzilla.novell.com/728520"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ppc", "packageFilename": "mozilla-nss-64bit-3.13.1-0.5.1.ppc.rpm", "packageName": "mozilla-nss-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ppc", "packageFilename": "mozilla-nss-3.13.1-0.5.1.ppc.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.13.1-0.5.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ppc", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.ppc.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.13.1-0.5.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.13.1-0.5.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.13.1-0.5.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "3.13.1-0.5.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.13.1-0.5.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}], "description": "This update to version 3.13.1 of mozilla-nss fixes the\n following issues:\n\n * Explicitly distrust DigiCert Sdn. Bhd (bmo#698753)\n * Better SHA-224 support (bmo#647706)\n * Fix a regression (causing hangs in some situations)\n introduced in 3.13 (bmo#693228)\n * SSL 2.0 is disabled by default\n * A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) has been enabled by default. Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n * Support SHA-224\n * Add PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n * Add NSS_GetVersion to return the NSS version string\n * Add experimental support of RSA-PSS to the softoken\n only\n * NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052)\n\n Security Issues:\n\n * CVE-2011-3648\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648</a>\n >\n * CVE-2011-3000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000</a>\n >\n * CVE-2011-3001\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001</a>\n >\n * CVE-2011-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647</a>\n >\n * CVE-2011-2372\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372</a>\n >\n * CVE-2011-2999\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999</a>\n >\n * CVE-2011-3650\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650</a>\n >\n * CVE-2011-2998\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998</a>\n >\n * CVE-2011-2996\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996</a>\n >\n * CVE-2011-3655\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655</a>\n >\n * CVE-2011-3653\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653</a>\n >\n * CVE-2011-3649\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649</a>\n >\n * CVE-2011-3651\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651</a>\n >\n", "edition": 1, "reporter": "Suse", "published": "2011-11-18T22:08:26", "title": "Security update for mozilla-nss (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-2998", "CVE-2011-2372", "CVE-2011-3389", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-2996", "CVE-2011-3651", "CVE-2011-3000", "CVE-2011-3655", "CVE-2011-2999", "CVE-2011-3001"], "modified": "2011-11-18T22:08:26", "id": "SUSE-SU-2011:1256-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00023.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "references": ["https://bugzilla.novell.com/887746", "https://bugzilla.novell.com/603356", "https://bugzilla.novell.com/750044", "https://bugzilla.novell.com/765204", "https://bugzilla.novell.com/637303", "https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/808243", "https://bugzilla.novell.com/528406", "https://bugzilla.novell.com/664211", "https://bugzilla.novell.com/657016", "https://bugzilla.novell.com/667155", "https://bugzilla.novell.com/771583", "https://bugzilla.novell.com/894201", "https://bugzilla.novell.com/825935", "https://bugzilla.novell.com/642502", "https://bugzilla.novell.com/720264", "https://bugzilla.novell.com/41903", "https://bugzilla.novell.com/104586", "https://bugzilla.novell.com/737533", "https://bugzilla.novell.com/881874", "https://bugzilla.novell.com/503151", "https://bugzilla.novell.com/726758", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/593807", "https://bugzilla.novell.com/649492", "https://bugzilla.novell.com/622506", "https://bugzilla.novell.com/576969", "https://bugzilla.novell.com/796895", "https://bugzilla.novell.com/689281", "https://bugzilla.novell.com/354469", "https://bugzilla.novell.com/840485", "https://bugzilla.novell.com/847708", "https://bugzilla.novell.com/701296", "https://bugzilla.novell.com/744275", "https://bugzilla.novell.com/385739", "https://bugzilla.novell.com/790140", "https://bugzilla.novell.com/894370", "https://bugzilla.novell.com/529180", "https://bugzilla.novell.com/417869", "https://bugzilla.novell.com/429179", "https://bugzilla.novell.com/747328", "https://bugzilla.novell.com/712224", "https://bugzilla.novell.com/758408", "https://bugzilla.novell.com/559819", "https://bugzilla.novell.com/441084", "https://bugzilla.novell.com/455804", "https://bugzilla.novell.com/876833", "https://bugzilla.novell.com/804248", "https://bugzilla.novell.com/390992", "https://bugzilla.novell.com/819204", "https://bugzilla.novell.com/733002", "https://bugzilla.novell.com/777588", "https://bugzilla.novell.com/854370", "https://bugzilla.novell.com/484321", "https://bugzilla.novell.com/786522", "https://bugzilla.novell.com/582276", "https://bugzilla.novell.com/527418", "https://bugzilla.novell.com/732898", "https://bugzilla.novell.com/755060", "https://bugzilla.novell.com/714931", "https://bugzilla.novell.com/749440", "https://bugzilla.novell.com/833389", "https://bugzilla.novell.com/783533", "https://bugzilla.novell.com/728520", "https://bugzilla.novell.com/813026", "https://bugzilla.novell.com/439841", "https://bugzilla.novell.com/746616", "https://bugzilla.novell.com/518603", "https://bugzilla.novell.com/542809", "https://bugzilla.novell.com/645315", "https://bugzilla.novell.com/875378", "https://bugzilla.novell.com/586567"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "reporter": "Suse", "published": "2014-09-09T18:04:16", "title": "Firefox update to 31.1esr (important)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "modified": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3650", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3648", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3647"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.6.24+build2+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.6.24+build2+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}], "description": "It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. (CVE-2011-3647)\n\nYosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648)\n\nMarc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash the browser. (CVE-2011-3650)", "edition": 3, "reporter": "Ubuntu", "published": "2011-11-10T00:00:00", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3004"], "modified": "2011-11-10T00:00:00", "id": "USN-1251-1", "href": "https://usn.ubuntu.com/1251-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3650", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3648", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3647"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.1.16+build2+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.1.16+build2+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "3.1.16+build2+nobinonly-0ubuntu0.11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. (CVE-2011-3647)\n\nYosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648)\n\nMarc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash Thunderbird. (CVE-2011-3650)", "edition": 3, "reporter": "Ubuntu", "published": "2011-12-22T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3004"], "modified": "2011-12-22T00:00:00", "id": "USN-1254-1", "href": "https://usn.ubuntu.com/1254-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3655", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3650", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3652", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3654", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3648", "https://launchpad.net/bugs/887339", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3651"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "8.0+build1-0ubuntu0.11.04.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "8.0+build1-0ubuntu0.11.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648)\n\nMarc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650)\n\nJason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651)\n\nIt was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652)\n\nAki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654)\n\nIt was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655)", "edition": 3, "reporter": "Ubuntu", "published": "2011-11-23T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-23T00:00:00", "id": "USN-1277-1", "href": "https://usn.ubuntu.com/1277-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:40", "references": ["https://usn.ubuntu.com/usn/usn-1277-1", "https://launchpad.net/bugs/887339"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "1.0-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xul-ext-ubufox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "1.10.0-0ubuntu0.11.04.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xul-ext-mozvoikko", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "1.10.0-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xul-ext-mozvoikko", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "0.9.2-0ubuntu0.11.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xul-ext-ubufox", "operator": "lt"}], "description": "USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8.\n\nOriginal advisory details:\n\nYosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648)\n\nMarc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650)\n\nJason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651)\n\nIt was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652)\n\nAki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654)\n\nIt was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655)", "edition": 3, "reporter": "Ubuntu", "published": "2011-11-23T00:00:00", "title": "Mozvoikko and ubufox update", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-23T00:00:00", "id": "USN-1277-2", "href": "https://usn.ubuntu.com/1277-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:22", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3655", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3650", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3652", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3654", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3648", "https://launchpad.net/bugs/894593", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3651"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "8.0+build1-0ubuntu0.11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648)\n\nMarc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. (CVE-2011-3650)\n\nJason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Thunderbird and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Thunderbird or possibly crash Thunderbird resulting in a denial of service. (CVE-2011-3651)\n\nIt was discovered that Thunderbird could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3652)\n\nAki Helin discovered that Thunderbird does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Thunderbird, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3654)\n\nIt was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Thunderbird 5. An attacker could possibly use this to gain elevated privileges within Thunderbird for web content. (CVE-2011-3655)", "edition": 3, "reporter": "Ubuntu", "published": "2011-11-28T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-28T00:00:00", "id": "USN-1282-1", "href": "https://usn.ubuntu.com/1282-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:12", "references": ["http://www.mozilla.org/security/announce/2011/mfsa2011-50.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-49.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-46.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-51.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-52.html", "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.2.24", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope\n\t parameter (1.9.2 branch)\nMFSA 2011-47 Potential XSS against sites using Shift-JIS\nMFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)\nMFSA 2011-49 Memory corruption while profiling using Firebug\nMFSA 2011-50 Cross-origin data theft using canvas and Windows\n\t D2D\nMFSA 2011-51 Cross-origin image theft on Mac with integrated\n\t Intel GPU\nMFSA 2011-52 Code execution via NoWaiverWrapper\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2011-11-08T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-3654", "CVE-2011-3652", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-3651", "CVE-2011-3655"], "modified": "2011-11-08T00:00:00", "id": "6C8AD3E8-0A30-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/6c8ad3e8-0a30-11e1-9580-4061862b8c22.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=404437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073", "https://bugs.gentoo.org/show_bug.cgi?id=312645", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165", "https://bugs.gentoo.org/show_bug.cgi?id=439586", "https://bugs.gentoo.org/show_bug.cgi?id=324735", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442", "https://bugs.gentoo.org/show_bug.cgi?id=290892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468", "https://bugs.gentoo.org/show_bug.cgi?id=373595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997", "https://bugs.gentoo.org/show_bug.cgi?id=207261", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005", "https://bugs.gentoo.org/show_bug.cgi?id=267234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980", "https://bugs.gentoo.org/show_bug.cgi?id=313003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004", "https://bugs.gentoo.org/show_bug.cgi?id=261386", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834", "https://bugs.gentoo.org/show_bug.cgi?id=305689", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841", "https://bugs.gentoo.org/show_bug.cgi?id=395431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067", "https://bugs.gentoo.org/show_bug.cgi?id=257577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084", "https://bugs.gentoo.org/show_bug.cgi?id=255687", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062", "https://bugs.gentoo.org/show_bug.cgi?id=311021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079", "https://bugs.gentoo.org/show_bug.cgi?id=360055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648", "https://bugs.gentoo.org/show_bug.cgi?id=348316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460", "https://bugs.gentoo.org/show_bug.cgi?id=260062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211", "https://bugs.gentoo.org/show_bug.cgi?id=388045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984", "https://bugs.gentoo.org/show_bug.cgi?id=413657", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458", "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080", "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html", "https://bugs.gentoo.org/show_bug.cgi?id=238535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946", "https://bugs.gentoo.org/show_bug.cgi?id=312651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380", "https://bugs.gentoo.org/show_bug.cgi?id=365323", "https://bugs.gentoo.org/show_bug.cgi?id=379549", "https://bugs.gentoo.org/show_bug.cgi?id=390771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585", "https://bugs.gentoo.org/show_bug.cgi?id=427224", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836", "https://bugs.gentoo.org/show_bug.cgi?id=403183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174", "https://bugs.gentoo.org/show_bug.cgi?id=444318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182", "https://bugs.gentoo.org/show_bug.cgi?id=297532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771", "https://bugs.gentoo.org/show_bug.cgi?id=433383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352", "https://bugs.gentoo.org/show_bug.cgi?id=255221", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640", "https://bugs.gentoo.org/show_bug.cgi?id=312675", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507", "https://bugs.gentoo.org/show_bug.cgi?id=326341", "https://bugs.gentoo.org/show_bug.cgi?id=312763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207", "https://bugs.gentoo.org/show_bug.cgi?id=336396", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563", "https://bugs.gentoo.org/show_bug.cgi?id=360315", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958", "https://bugs.gentoo.org/show_bug.cgi?id=357057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304", "https://bugs.gentoo.org/show_bug.cgi?id=307045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "https://bugs.gentoo.org/show_bug.cgi?id=408161", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652", "https://bugs.gentoo.org/show_bug.cgi?id=439960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971", "https://bugs.gentoo.org/show_bug.cgi?id=381245", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766", "https://bugs.gentoo.org/show_bug.cgi?id=292034", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068", "https://bugs.gentoo.org/show_bug.cgi?id=282549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967", "https://bugs.gentoo.org/show_bug.cgi?id=437780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062", "https://bugs.gentoo.org/show_bug.cgi?id=280226", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664", "https://bugs.gentoo.org/show_bug.cgi?id=251322", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171", "https://bugs.gentoo.org/show_bug.cgi?id=342847", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381", "https://bugs.gentoo.org/show_bug.cgi?id=262704", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989", "https://bugs.gentoo.org/show_bug.cgi?id=280234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053", "https://bugs.gentoo.org/show_bug.cgi?id=284439", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061", "https://bugs.gentoo.org/show_bug.cgi?id=180159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446", "https://bugs.gentoo.org/show_bug.cgi?id=401701", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777", "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770", "https://bugs.gentoo.org/show_bug.cgi?id=273918", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074", "https://bugs.gentoo.org/show_bug.cgi?id=280393", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948", "https://bugs.gentoo.org/show_bug.cgi?id=312361", "https://bugs.gentoo.org/show_bug.cgi?id=329279", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174", "https://bugs.gentoo.org/show_bug.cgi?id=286721", "https://bugs.gentoo.org/show_bug.cgi?id=341821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173", "https://bugs.gentoo.org/show_bug.cgi?id=419917", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961", "https://bugs.gentoo.org/show_bug.cgi?id=181361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051", "https://bugs.gentoo.org/show_bug.cgi?id=312679", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654", "https://bugs.gentoo.org/show_bug.cgi?id=255234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777", "https://bugs.gentoo.org/show_bug.cgi?id=277752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204", "https://bugs.gentoo.org/show_bug.cgi?id=246602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.5.6", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/icecat", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.6.8", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.4-r1", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.1.19", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.14", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nss", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0-r1", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2013-01-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "modified": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
