{"nessus": [{"lastseen": "2019-02-21T01:24:39", "bulletinFamily": "scanner", "description": "An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.8. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.8, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-12-27T00:00:00", "id": "REDHAT-RHSA-2015-1455.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84893", "published": "2015-07-21T00:00:00", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1455)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1455. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84893);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2018/12/27 10:05:36\");\n\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_bugtraq_id(75541);\n script_xref(name:\"RHSA\", value:\"2015:1455\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1455)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-2724, CVE-2015-2725,\nCVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,\nCVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling\nan error that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to\nperform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Bobby\nHolley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.8. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3138c54\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2731\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1455\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-31.8.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-31.8.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.8.0-1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-31.8.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-31.8.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-31.8.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-31.8.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.8.0-1.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.8.0-1.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:39", "bulletinFamily": "scanner", "description": "An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.8. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.8, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1455.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84884", "published": "2015-07-21T00:00:00", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1455)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1455 and \n# CentOS Errata and Security Advisory 2015:1455 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84884);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_bugtraq_id(75541);\n script_xref(name:\"RHSA\", value:\"2015:1455\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1455)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-2724, CVE-2015-2725,\nCVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,\nCVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling\nan error that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to\nperform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Bobby\nHolley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.8. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021250.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfaf199d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a51b4204\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021252.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de364f80\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-31.8.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-31.8.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:29", "bulletinFamily": "scanner", "description": "The version of Thunderbird installed on the remote Windows host is prior to 38.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721)\n\n - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725)\n\n - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731)\n\n - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738)\n\n - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735)\n\n - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736)\n\n - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.\n (CVE-2015-2739)\n\n - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.\n (CVE-2015-2740)\n\n - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions.\n (CVE-2015-2741)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_THUNDERBIRD_38_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84582", "published": "2015-07-07T00:00:00", "title": "Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84582);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2015-2721\",\n \"CVE-2015-2724\",\n \"CVE-2015-2725\",\n \"CVE-2015-2731\",\n \"CVE-2015-2734\",\n \"CVE-2015-2735\",\n \"CVE-2015-2736\",\n \"CVE-2015-2737\",\n \"CVE-2015-2738\",\n \"CVE-2015-2739\",\n \"CVE-2015-2740\",\n \"CVE-2015-2741\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(74733);\n\n script_name(english:\"Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is\nprior to 38.1. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A security downgrade vulnerability exists due to a flaw\n in Network Security Services (NSS). When a client allows\n for a ECDHE_ECDSA exchange, but the server does not send \n a ServerKeyExchange message, the NSS client will take\n the EC key from the ECDSA certificate. A remote attacker \n can exploit this to silently downgrade the exchange to a\n non-forward secret mixed-ECDH exchange. (CVE-2015-2721)\n\n - Multiple memory corruption issues exist that allow an\n attacker to cause a denial of service condition or\n potentially execute arbitrary code. (CVE-2015-2724,\n CVE-2015-2725)\n\n - A use-after-free error exists in the\n CSPService::ShouldLoad() function when modifying the\n Document Object Model to remove a DOM object. An\n attacker can exploit this to dereference already freed\n memory, potentially resulting in the execution of\n arbitrary code. (CVE-2015-2731)\n\n - An uninitialized memory use issue exists in the\n CairoTextureClientD3D9::BorrowDrawTarget() function, the\n ::d3d11::SetBufferData() function, and the\n YCbCrImageDataDeserializer::ToDataSourceSurface()\n function. The impact is unspecified. (CVE-2015-2734,\n CVE-2015-2737, CVE-2015-2738)\n\n - A memory corruption issue exists in the\n nsZipArchive::GetDataOffset() function due to improper\n string length checks. An attacker can exploit this, via\n a crafted ZIP archive, to potentially execute arbitrary\n code. (CVE-2015-2735)\n\n - A memory corruption issue exists in the\n nsZipArchive::BuildFileList() function due to improper\n validation of user-supplied input. An attacker can\n exploit this, via a crafted ZIP archive, to potentially\n execute arbitrary code. (CVE-2015-2736)\n\n - An unspecified memory corruption issue exists in the\n ArrayBufferBuilder::append() function due to improper\n validation of user-supplied input. An attacker can\n exploit this to potentially execute arbitrary code.\n (CVE-2015-2739)\n\n - A buffer overflow condition exists in the\n nsXMLHttpRequest::AppendToResponseText() function due to\n improper validation of user-supplied input. An attacker\n can exploit this to potentially execute arbitrary code.\n (CVE-2015-2740)\n\n - A security bypass vulnerability exists due to a flaw in\n certificate pinning checks. Key pinning is not enforced\n upon encountering an X.509 certificate problem that\n generates a user dialog. A man-in-the-middle attacker\n can exploit this to bypass intended access restrictions.\n (CVE-2015-2741)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-59/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-66/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-71/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 38.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'38.1', min:'38.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:39", "bulletinFamily": "scanner", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20150720_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84895", "published": "2015-07-21T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84895);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-2724, CVE-2015-2725,\nCVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,\nCVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling\nan error that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to\nperform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1507&L=scientific-linux-errata&F=&S=&P=9353\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4fab9f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-31.8.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-31.8.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-31.8.0-1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-31.8.0-1.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.8.0-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:39", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1455 :\n\nAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.8. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.8, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2015-1455.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84890", "published": "2015-07-21T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1455)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1455 and \n# Oracle Linux Security Advisory ELSA-2015-1455 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84890);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_bugtraq_id(75541);\n script_xref(name:\"RHSA\", value:\"2015:1455\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1455)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1455 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-2724, CVE-2015-2725,\nCVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,\nCVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling\nan error that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to\nperform. (CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Bobby\nHolley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.8. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005215.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-31.8.0-1.0.1.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-31.8.0-1.0.1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:29", "bulletinFamily": "scanner", "description": "The version of Thunderbird installed on the remote Mac OS X host is prior to 38.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721)\n\n - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725)\n\n - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731)\n\n - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738)\n\n - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735)\n\n - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736)\n\n - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.\n (CVE-2015-2739)\n\n - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.\n (CVE-2015-2740)\n\n - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions.\n (CVE-2015-2741)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_THUNDERBIRD_38_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84578", "published": "2015-07-07T00:00:00", "title": "Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84578);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-2721\",\n \"CVE-2015-2724\",\n \"CVE-2015-2725\",\n \"CVE-2015-2731\",\n \"CVE-2015-2734\",\n \"CVE-2015-2735\",\n \"CVE-2015-2736\",\n \"CVE-2015-2737\",\n \"CVE-2015-2738\",\n \"CVE-2015-2739\",\n \"CVE-2015-2740\",\n \"CVE-2015-2741\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(74733);\n\n script_name(english:\"Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Mac OS X host is\nprior to 38.1. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A security downgrade vulnerability exists due to a flaw\n in Network Security Services (NSS). When a client allows\n for a ECDHE_ECDSA exchange, but the server does not send \n a ServerKeyExchange message, the NSS client will take\n the EC key from the ECDSA certificate. A remote attacker\n can exploit this to silently downgrade the exchange to a\n non-forward secret mixed-ECDH exchange. (CVE-2015-2721)\n\n - Multiple memory corruption issues exist that allow an\n attacker to cause a denial of service condition or\n potentially execute arbitrary code. (CVE-2015-2724,\n CVE-2015-2725)\n\n - A use-after-free error exists in the\n CSPService::ShouldLoad() function when modifying the\n Document Object Model to remove a DOM object. An\n attacker can exploit this to dereference already freed\n memory, potentially resulting in the execution of\n arbitrary code. (CVE-2015-2731)\n\n - An uninitialized memory use issue exists in the\n CairoTextureClientD3D9::BorrowDrawTarget() function, the\n ::d3d11::SetBufferData() function, and the\n YCbCrImageDataDeserializer::ToDataSourceSurface()\n function. The impact is unspecified. (CVE-2015-2734,\n CVE-2015-2737, CVE-2015-2738)\n\n - A memory corruption issue exists in the\n nsZipArchive::GetDataOffset() function due to improper\n string length checks. An attacker can exploit this, via\n a crafted ZIP archive, to potentially execute arbitrary\n code. (CVE-2015-2735)\n\n - A memory corruption issue exists in the\n nsZipArchive::BuildFileList() function due to improper\n validation of user-supplied input. An attacker can\n exploit this, via a crafted ZIP archive, to potentially\n execute arbitrary code. (CVE-2015-2736)\n\n - An unspecified memory corruption issue exists in the\n ArrayBufferBuilder::append() function due to improper\n validation of user-supplied input. An attacker can\n exploit this to potentially execute arbitrary code.\n (CVE-2015-2739)\n\n - A buffer overflow condition exists in the\n nsXMLHttpRequest::AppendToResponseText() function due to\n improper validation of user-supplied input. An attacker\n can exploit this to potentially execute arbitrary code.\n (CVE-2015-2740)\n\n - A security bypass vulnerability exists due to a flaw in\n certificate pinning checks. Key pinning is not enforced\n upon encountering an X.509 certificate problem that\n generates a user dialog. A man-in-the-middle attacker\n can exploit this to bypass intended access restrictions.\n (CVE-2015-2741)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-59/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-66/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org//en-US/security/advisories/mfsa2015-71/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 38.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'38.1', min:'38.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:27", "bulletinFamily": "scanner", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the 'LogJam' vulnerability.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3300.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84510", "published": "2015-07-06T00:00:00", "title": "Debian DSA-3300-1 : iceweasel - security update (Logjam)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3300. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84510);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2728\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2743\", \"CVE-2015-4000\");\n script_bugtraq_id(75541);\n script_xref(name:\"DSA\", value:\"3300\");\n\n script_name(english:\"Debian DSA-3300-1 : iceweasel - security update (Logjam)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as the\n'LogJam' vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3300\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 31.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 31.8.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"31.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-csb\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ku\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zu\", reference:\"31.8.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:39", "bulletinFamily": "scanner", "description": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nBob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2724)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2673-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84900", "published": "2015-07-21T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : thunderbird vulnerabilities (USN-2673-1) (Logjam)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2673-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84900);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2724\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-4000\");\n script_bugtraq_id(74733);\n script_xref(name:\"USN\", value:\"2673-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : thunderbird vulnerabilities (USN-2673-1) (Logjam)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able\nto perform a man-in-the-middle attack, this flaw could be exploited to\nskip the ServerKeyExchange message and remove the forward-secrecy\nproperty. (CVE-2015-2721)\n\nBob Clary, Christian Holler, Bobby Holley, and Andrew McCreight\ndiscovered multiple memory safety issues in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2015-2724)\n\nRonald Crane discovered multiple security vulnerabilities. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,\nCVE-2015-2739, CVE-2015-2740)\n\nMatthew Green discovered a DHE key processing issue in NSS where a\nMITM could force a server to downgrade TLS connections to 512-bit\nexport-grade cryptography. An attacker could potentially exploit this\nto impersonate the server. (CVE-2015-4000).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2673-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:31.8.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:31.8.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"thunderbird\", pkgver:\"1:31.8.0+build1-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"thunderbird\", pkgver:\"1:31.8.0+build1-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:46", "bulletinFamily": "scanner", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the 'LogJam' vulnerability.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3324.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85163", "published": "2015-08-03T00:00:00", "title": "Debian DSA-3324-1 : icedove - security update (Logjam)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3324. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85163);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2724\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-4000\");\n script_xref(name:\"DSA\", value:\"3324\");\n\n script_name(english:\"Debian DSA-3324-1 : icedove - security update (Logjam)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as the\n'LogJam' vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3324\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 31.8.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 31.8.0-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"31.8.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"31.8.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"31.8.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"31.8.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"31.8.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"31.8.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"31.8.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"31.8.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"31.8.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"31.8.0-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:27", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)\n\nA flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-2743)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan, Ronald Crane, and Jonas Jenwald as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 38.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "modified": "2018-12-27T00:00:00", "id": "REDHAT-RHSA-2015-1207.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84535", "published": "2015-07-06T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:1207)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1207. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84535);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2018/12/27 10:05:36\");\n\n script_cve_id(\"CVE-2015-2722\", \"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2727\", \"CVE-2015-2728\", \"CVE-2015-2729\", \"CVE-2015-2731\", \"CVE-2015-2733\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\", \"CVE-2015-2743\");\n script_bugtraq_id(75541);\n script_xref(name:\"RHSA\", value:\"2015:1207\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2015:1207)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722,\nCVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731,\nCVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,\nCVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nIt was found that Firefox skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to\nperform. (CVE-2015-2741)\n\nA flaw was discovered in Mozilla's PDF.js PDF file viewer. When\ncombined with another vulnerability, it could allow execution of\narbitrary code with the privileges of the user running Firefox.\n(CVE-2015-2743)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Bobby\nHolley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren,\nWes Kocher, Andreas Pehrson, Jann Horn, Paul Bandha, Holger\nFuhrmannek, Herre, Looben Yan, Ronald Crane, and Jonas Jenwald as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.1 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-38.1.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-38.1.0-1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-38.1.0-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-38.1.0-1.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-38.1.0-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-38.1.0-1.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:38", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:36", "published": "2015-07-20T04:00:00", "id": "RHSA-2015:1455", "href": "https://access.redhat.com/errata/RHSA-2015:1455", "type": "redhat", "title": "(RHSA-2015:1455) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:53", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,\nCVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Firefox skipped key-pinning checks when handling an error\nthat could be overridden by the user (for example an expired certificate\nerror). This flaw allowed a user to override a pinned certificate, which is\nan action the user should not be able to perform. (CVE-2015-2741)\n\nA flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined\nwith another vulnerability, it could allow execution of arbitrary code with\nthe privileges of the user running Firefox. (CVE-2015-2743)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas\nPehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan,\nRonald Crane, and Jonas Jenwald as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.1 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:05", "published": "2015-07-02T04:00:00", "id": "RHSA-2015:1207", "href": "https://access.redhat.com/errata/RHSA-2015:1207", "type": "redhat", "title": "(RHSA-2015:1207) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:52:15", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310882229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882229", "title": "CentOS Update for thunderbird CESA-2015:1455 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1455 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882229\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 06:36:36 +0200 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1455 centos5 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1455\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-July/021252.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:13", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1455", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123074", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123074", "title": "Oracle Linux Local Check: ELSA-2015-1455", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1455.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123074\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1455\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1455 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1455\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1455.html\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:12:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310871393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871393", "title": "RedHat Update for thunderbird RHSA-2015:1455-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2015:1455-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871393\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 06:33:39 +0200 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2015:1455-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\n and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1455-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~31.8.0~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:04", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310882226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882226", "title": "CentOS Update for thunderbird CESA-2015:1455 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1455 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882226\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 06:35:23 +0200 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1455 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1455\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-July/021250.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:40:09", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2015-07-09T00:00:00", "id": "OPENVAS:1361412562310805914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805914", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_jul15_macosx.nasl 11975 2018-10-19 06:54:12Z cfischer $\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805914\");\n script_version(\"$Revision: 11975 $\");\n script_cve_id(\"CVE-2015-2740\", \"CVE-2015-2739\", \"CVE-2015-2738\", \"CVE-2015-2737\",\n \"CVE-2015-2736\", \"CVE-2015-2735\", \"CVE-2015-2734\", \"CVE-2015-2724\",\n \"CVE-2015-2721\", \"CVE-2015-2725\", \"CVE-2015-2741\", \"CVE-2015-2731\",\n \"CVE-2015-4000\");\n script_bugtraq_id(75541, 74733);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 08:54:12 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-09 13:45:29 +0530 (Thu, 09 Jul 2015)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Buffer overflow error in the 'nsXMLHttpRequest::AppendToResponseText' function.\n\n - An error in the 'rx::d3d11::SetBufferData' function in the Direct3D 11\n implementation.\n\n - An error in the 'YCbCrImageDataDeserializer::ToDataSourceSurface' function\n in the YCbCr implementation.\n\n - An error in 'ArrayBufferBuilder::append' function.\n\n - An error in the 'CairoTextureClientD3D9::BorrowDrawTarget' function in the\n Direct3D 9 implementation.\n\n - An error in 'nsZipArchive::BuildFileList' function.\n\n - Unspecified error in nsZipArchive.cpp script.\n\n - Multiple unspecified memory related errors.\n\n - Multiple errors within Network Security Services (NSS).\n\n - An use-after-free vulnerabilities.\n\n - An overridable error allowing for skipping pinning checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, obtain sensitive information, conduct\n man-in-the-middle attack, conduct denial-of-service attack and other\n unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird before version 38.1\n on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version\n 38.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-67\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"ThunderBird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"38.1\"))\n{\n report = 'Installed version: ' + tbVer + '\\n' +\n 'Fixed version: 38.1\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:39:00", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2015-07-08T00:00:00", "id": "OPENVAS:1361412562310805913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805913", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_jul15_win.nasl 11975 2018-10-19 06:54:12Z cfischer $\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805913\");\n script_version(\"$Revision: 11975 $\");\n script_cve_id(\"CVE-2015-2740\", \"CVE-2015-2739\", \"CVE-2015-2738\", \"CVE-2015-2737\",\n \"CVE-2015-2736\", \"CVE-2015-2735\", \"CVE-2015-2734\", \"CVE-2015-2724\",\n \"CVE-2015-2721\", \"CVE-2015-2725\", \"CVE-2015-2741\", \"CVE-2015-2731\",\n \"CVE-2015-4000\");\n script_bugtraq_id(75541, 74733);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 08:54:12 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-08 15:59:57 +0530 (Wed, 08 Jul 2015)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Jul15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Buffer overflow error in the 'nsXMLHttpRequest::AppendToResponseText' function.\n\n - An error in the 'rx::d3d11::SetBufferData' function in the Direct3D 11\n implementation.\n\n - An error in the 'YCbCrImageDataDeserializer::ToDataSourceSurface' function\n in the YCbCr implementation.\n\n - An error in 'ArrayBufferBuilder::append' function.\n\n - An error in the 'CairoTextureClientD3D9::BorrowDrawTarget' function in the\n Direct3D 9 implementation.\n\n - An error in 'nsZipArchive::BuildFileList' function.\n\n - Unspecified error in nsZipArchive.cpp script.\n\n - Multiple unspecified memory related errors.\n\n - Multiple errors within Network Security Services (NSS).\n\n - An use-after-free vulnerabilities.\n\n - An overridable error allowing for skipping pinning checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, obtain sensitive information, conduct\n man-in-the-middle attack, conduct denial-of-service attack and other\n unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird before version 38.1\n on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version\n 38.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-67\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"38.1\"))\n{\n report = 'Installed version: ' + tbVer + '\\n' +\n 'Fixed version: 38.1\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:32", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310882228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882228", "title": "CentOS Update for thunderbird CESA-2015:1455 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1455 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882228\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 06:36:22 +0200 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1455 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1455\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-July/021251.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.8.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-01T10:29:04", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0284", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130094", "title": "Mageia Linux Local Check: mgasa-2015-0284", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0284.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130094\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:37 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0284\");\n script_tag(name:\"insight\", value:\"Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-2724, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0284.html\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0284\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.1.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"thunderbird-l10n\", rpm:\"thunderbird-l10n~38.1.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:58", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin Iceweasel, Debian", "modified": "2018-04-06T00:00:00", "published": "2015-07-04T00:00:00", "id": "OPENVAS:1361412562310703300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703300", "title": "Debian Security Advisory DSA 3300-1 (iceweasel - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3300.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3300-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703300\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2728\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2743\", \"CVE-2015-4000\");\n script_name(\"Debian Security Advisory DSA 3300-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-04 00:00:00 +0200 (Sat, 04 Jul 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3300.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It is\na powerful, extensible web browser with support for modern web application\ntechnologies.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 31.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 31.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 38.1.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory\nsafety errors, use-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as the LogJam \nvulnerability.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:52:50", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin Iceweasel, Debian", "modified": "2017-07-07T00:00:00", "published": "2015-07-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703300", "id": "OPENVAS:703300", "title": "Debian Security Advisory DSA 3300-1 (iceweasel - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3300.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3300-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703300);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2724\", \"CVE-2015-2728\", \"CVE-2015-2731\", \"CVE-2015-2734\",\n \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\",\n \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2743\", \"CVE-2015-4000\");\n script_name(\"Debian Security Advisory DSA 3300-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-04 00:00:00 +0200 (Sat, 04 Jul 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3300.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It is\na powerful, extensible web browser with support for modern web application\ntechnologies.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 31.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 31.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 38.1.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory\nsafety errors, use-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as the LogJam \nvulnerability.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"31.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1455\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Thunderbird skipped key-pinning checks when handling an\nerror that could be overridden by the user (for example an expired\ncertificate error). This flaw allowed a user to override a pinned\ncertificate, which is an action the user should not be able to perform.\n(CVE-2015-2741)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Herre, Ronald Crane, and David Keeler as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.8. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.8, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021250.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021251.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021252.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1455.html", "modified": "2015-07-21T00:50:09", "published": "2015-07-20T18:55:36", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021250.html", "id": "CESA-2015:1455", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1207\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,\nCVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,\nCVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,\nCVE-2015-2740)\n\nIt was found that Firefox skipped key-pinning checks when handling an error\nthat could be overridden by the user (for example an expired certificate\nerror). This flaw allowed a user to override a pinned certificate, which is\nan action the user should not be able to perform. (CVE-2015-2741)\n\nA flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined\nwith another vulnerability, it could allow execution of arbitrary code with\nthe privileges of the user running Firefox. (CVE-2015-2743)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew\nMcCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas\nPehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan,\nRonald Crane, and Jonas Jenwald as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.1 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021232.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021233.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021234.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1207.html", "modified": "2015-07-06T17:16:58", "published": "2015-07-06T14:50:33", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021232.html", "id": "CESA-2015:1207", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "description": "- CVE-2015-2724, CVE-2015-2725, CVE-2015-2726 (Miscellaneous memory\nsafety hazards):\n\nMozilla developers and community identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a\nrisk in browser or browser-like contexts.\n\n- CVE-2015-2731 (Use-after-free in Content Policy due to microtask\nexecution error):\n\nSecurity researcher Herre reported a use-after-free vulnerability when a\nContent Policy modifies the Document Object Model to remove a DOM\nobject, which is then used afterwards due to an error in microtask\nimplementation. This leads to an exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a\nrisk in browser or browser-like contexts.\n\n- CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740 (Vulnerabilities found\nthrough code inspection):\n\nSecurity researcher Ronald Crane reported seven vulnerabilities\naffecting released code that he found through code inspection. These\nincluded three uses of uninitialized memory, one poor validation leading\nto an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\n\n- CVE-2015-2741 (Key pinning is ignored when overridable errors are\nencountered):\n\nMozilla security engineer David Keeler reported that when an overridable\nerror is encountered, such as those for expired certificates or a host\nname does not match a certificate, pinning checks can be be skipped.\nThis would allow for a user to override a pinned certificate when they\nshould not be able to do so. This issue does not allow for third parties\nto cause a certificate to be overridden and the user would still have to\nmanually do so.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a\nrisk in browser or browser-like contexts.", "modified": "2015-07-11T00:00:00", "published": "2015-07-11T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html", "id": "ASA-201507-9", "title": "thunderbird: multiple issues", "type": "archlinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "- CVE-2015-2722, CVE-2015-2733 (Use-after-free in workers while using\nXMLHttpRequest):\n\nSecurity researcher Looben Yan used the Address Sanitizer tool to\ndiscover two related use-after-free vulnerabilities that occur when\nusing XMLHttpRequest in concert with either shared or dedicated workers.\nThese errors occur when the XMLHttpRequest object is attached to a\nworker but that object is incorrectly deleted while still in use. This\nresults in exploitable crashes.\n\n- CVE-2015-2724, CVE-2015-2725, CVE-2015-2726 (Miscellaneous memory\nsafety hazards):\n\nMozilla developers and community identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.\n\n- CVE-2015-2727 (Local files or privileged URLs in pages can be opened\ninto new tabs):\n\nSecurity researcher Jann Horn reported that when Mozilla Foundation\nSecurity Advisory 2015-25 was fixed in Firefox 37, an error was made\nthat caused the fix to not be applied to Firefox 38, effectively causing\nthe bug to be unfixed in Firefox 38 (and Firefox ESR38) once it shipped.\nAs Armin Razmdjou reported for that issue, opening hyperlinks on a page\nwith the mouse and specific keyboard key combinations could allow a\nChrome privileged URL to be opened without context restrictions being\npreserved. This could allow for local files or resources from a known\nlocation to be opened with local privileges, bypassing security protections.\n\n- CVE-2015-2728 (Type confusion in Indexed Database Manager):\n\nSecurity researcher Paul Bandha reported a type confusion error where\npart of IDBDatabase is read by the Indexed Database Manager and\nincorrectly used as a pointer when it shouldn't be used as such. This\nleads to memory corruption and the possibility of an exploitable crash.\n\n- CVE-2015-2729 (Out-of-bound read while computing an oscillator\nrendering range in Web Audio):\n\nSecurity researcher Holger Fuhrmannek used the Address Sanitizer tool to\ndiscover an out-of-bound read while computing an oscillator rendering\nrange in Web Audio. This could allow an attacker to infer the contents\nof four bytes of memory.\n\n- CVE-2015-2731 (Use-after-free in Content Policy due to microtask\nexecution error):\n\nSecurity researcher Herre reported a use-after-free vulnerability when a\nContent Policy modifies the Document Object Model to remove a DOM\nobject, which is then used afterwards due to an error in microtask\nimplementation. This leads to an exploitable crash.\n\n- CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740 (Vulnerabilities found\nthrough code inspection):\n\nSecurity researcher Ronald Crane reported seven vulnerabilities\naffecting released code that he found through code inspection. These\nincluded three uses of uninitialized memory, one poor validation leading\nto an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\n\n- CVE-2015-2741 (Key pinning is ignored when overridable errors are\nencountered):\n\nMozilla security engineer David Keeler reported that when an overridable\nerror is encountered, such as those for expired certificates or a host\nname does not match a certificate, pinning checks can be be skipped.\nThis would allow for a user to override a pinned certificate when they\nshould not be able to do so. This issue does not allow for third parties\nto cause a certificate to be overridden and the user would still have to\nmanually do so.\n\n- CVE-2015-2743 (Privilege escalation in PDF.js):\n\nMozilla community member Jonas Jenwald reported broken behavior in\nMozilla's PDF.js PDF file viewer which led to the discovery that\ninternal Workers were incorrectly executed with high privilege. If this\nflaw were combined with a separate vulnerability allowing for\nsame-origin policy violation, it could be used to run arbitrary code.", "modified": "2015-07-03T00:00:00", "published": "2015-07-03T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html", "id": "ASA-201507-2", "title": "firefox: multiple issues", "type": "archlinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:51", "bulletinFamily": "software", "description": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "id": "MFSA2015-66", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-66/", "type": "mozilla", "title": "Vulnerabilities found through code inspection", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:42", "bulletinFamily": "software", "description": "Mozilla security engineer David Keeler reported that when an\noverridable error is encountered, such as those for expired certificates or a\nhost name does not match a certificate, pinning checks can be be skipped. This\nwould allow for a user to override a pinned certificate when they should not be\nable to do so. This issue does not allow for third parties to cause a\ncertificate to be overridden and the user would still have to manually do so.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "id": "MFSA2015-67", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-67/", "type": "mozilla", "title": "Key pinning is ignored when overridable errors are encountered", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:49", "bulletinFamily": "software", "description": "Security researcher Herre reported a use-after-free\nvulnerability when a Content Policy modifies the Document Object Model to\nremove a DOM object, which is then used afterwards due to an error in microtask\nimplementation. This leads to an exploitable crash.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "id": "MFSA2015-63", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-63/", "type": "mozilla", "title": "Use-after-free in Content Policy due to microtask execution error", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:04", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3300-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 04, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735\n CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739\n CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as\nthe "LogJam" vulnerability.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 31.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 31.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 38.1.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-03T22:06:38", "published": "2015-07-03T22:06:38", "id": "DEBIAN:DSA-3300-1:1F74C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00196.html", "title": "[SECURITY] [DSA 3300-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:38", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3324-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nAugust 01, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2015-2721 CVE-2015-2724 CVE-2015-2734 CVE-2015-2735 \n CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 \n CVE-2015-2740 CVE-2015-4000\n\nMultiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as\nthe "LogJam" vulnerability.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 31.8.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 31.8.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed\nshortly.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-08-01T17:10:07", "published": "2015-08-01T17:10:07", "id": "DEBIAN:DSA-3324-1:377E6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00220.html", "title": "[SECURITY] [DSA 3324-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:49", "bulletinFamily": "unix", "description": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nBob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2724)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)", "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "USN-2673-1", "href": "https://usn.ubuntu.com/2673-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:09", "bulletinFamily": "unix", "description": "USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases.\n\nThis update provides the corresponding update for Ubuntu 12.04 LTS.\n\nOriginal advisory details:\n\nKarthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)", "modified": "2015-07-15T00:00:00", "published": "2015-07-15T00:00:00", "id": "USN-2656-2", "href": "https://usn.ubuntu.com/2656-2/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:41", "bulletinFamily": "unix", "description": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "USN-2656-1", "href": "https://usn.ubuntu.com/2656-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:13:39", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 39.0 to fix 21 security issues.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2727: Local files or privileged URLs in pages can be opened\n into new tabs (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2729: Out-of-bound read while computing an oscillator rendering\n range in Web Audio (bsc#935979).\n - CVE-2015-2731: Use-after-free in Content Policy due to microtask\n execution error (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2741: Key pinning is ignored when overridable errors are\n encountered (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935979).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n New features:\n - Share Hello URLs with social networks\n - Support for 'switch' role in ARIA 1.1 (web accessibility)\n - SafeBrowsing malware detection lookups enabled for downloads (Mac OS X\n and Linux)\n - Support for new Unicode 8.0 skin tone emoji\n - Removed support for insecure SSLv3 for network communications\n - Disable use of RC4 except for temporarily whitelisted hosts\n - NPAPI Plug-in performance improved via asynchronous initialization\n\n mozilla-nss was updated to version 3.19.2 to fix some of the security\n issues listed above.\n\n", "modified": "2015-07-13T11:07:56", "published": "2015-07-13T11:07:56", "id": "OPENSUSE-SU-2015:1229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This non-security issue was fixed:\n - bsc#908275: Firefox did not print in landscape orientation.\n\n", "modified": "2015-07-20T12:09:44", "published": "2015-07-20T12:09:44", "id": "SUSE-SU-2015:1268-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00035.html", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This non-security issue was fixed:\n - bsc#908275: Firefox did not print in landscape orientation.\n\n", "modified": "2015-07-20T11:08:17", "published": "2015-07-20T11:08:17", "id": "SUSE-SU-2015:1268-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:40", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n", "modified": "2015-07-20T12:08:39", "published": "2015-07-20T12:08:39", "id": "SUSE-SU-2015:1269-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:48", "bulletinFamily": "unix", "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n (specifically the 38.2.0ESR release).\n\n Security issues fixed:\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file\n stealing via PDF reader\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety\n hazards (rv:40.0 / rv:38.2)\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable\n JavaScript object properties\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in\n JavaScript\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling\n bitmap images\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx\n when decoding WebM video\n - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with\n shared workers\n\n The following vulnerabilities were fixed in ESR31 and are also included\n here:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This update also contains a lot of feature improvements and bug fixes from\n 31ESR to 38ESR.\n\n Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which\n is what Firefox 38ESR uses.\n\n Mozilla Firefox and mozilla-nss were updated to fix 17 security issues.\n\n", "modified": "2015-08-28T16:10:19", "published": "2015-08-28T16:10:19", "id": "SUSE-SU-2015:1449-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:23", "bulletinFamily": "unix", "description": "Combined Mozilla update:\n - Update Firefox to 31.8.0\n - Update Thunderbird to 31.8.0\n - Update mozilla-nspr to 4.10.6\n - Update mozilla-nss to 3.19.2 to fix several security issues.\n\n", "modified": "2015-07-18T19:07:56", "published": "2015-07-18T19:07:56", "id": "OPENSUSE-SU-2015:1266-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", "type": "suse", "title": "Mozilla (Firefox/Thunderbird) updates to 31.8.0 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:03", "bulletinFamily": "unix", "description": "[38.1.0-1.0.1.el7_1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[38.1.0-1]\n- Update to 38.1.0 ESR\n[38.0.1-2]\n- Fixed rhbz#1222807 by removing preun section", "modified": "2015-07-03T00:00:00", "published": "2015-07-03T00:00:00", "id": "ELSA-2015-1207", "href": "http://linux.oracle.com/errata/ELSA-2015-1207.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:02:35", "bulletinFamily": "info", "description": "### *Detect date*:\n07/02/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 39 \nMozilla Firefox ESR versions earlier than 31.8 \nMozilla Firefox ESR versions earlier than 38.1 \nMozilla Thunderbird versions earlier than 38.1\n\n### *Solution*:\nUpdate to the latest version \n[Get Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>) \n[Get Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/faq/>) \n[Get Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-2731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731>) \n[CVE-2015-2734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734>) \n[CVE-2015-2742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2742>) \n[CVE-2015-2739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739>) \n[CVE-2015-2738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738>) \n[CVE-2015-2735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735>) \n[CVE-2015-2743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743>) \n[CVE-2015-2721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721>) \n[CVE-2015-2730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730>) \n[CVE-2015-2740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740>) \n[CVE-2015-2741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741>) \n[CVE-2015-2728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728>) \n[CVE-2015-2727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2727>) \n[CVE-2015-2725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2725>) \n[CVE-2015-2726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2726>) \n[CVE-2015-2733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733>) \n[CVE-2015-2724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724>) \n[CVE-2015-2729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2729>) \n[CVE-2015-2722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722>) \n[CVE-2015-2737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737>) \n[CVE-2015-2736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736>)", "modified": "2019-02-15T00:00:00", "published": "2015-07-02T00:00:00", "id": "KLA10622", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10622", "title": "\r KLA10622Multiple vulnerabilities in Mozilla products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:56:32", "bulletinFamily": "NVD", "description": "Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.", "modified": "2016-12-27T21:59:09", "published": "2015-07-05T22:01:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2740", "id": "CVE-2015-2740", "title": "CVE-2015-2740", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:15:03", "bulletinFamily": "NVD", "description": "The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.", "modified": "2018-10-30T12:27:37", "published": "2015-07-05T22:01:07", "id": "CVE-2015-2738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2738", "title": "CVE-2015-2738", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:31", "bulletinFamily": "NVD", "description": "nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.", "modified": "2016-12-27T21:59:09", "published": "2015-07-05T22:01:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2735", "id": "CVE-2015-2735", "title": "CVE-2015-2735", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:15:03", "bulletinFamily": "NVD", "description": "The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.", "modified": "2018-10-30T12:27:37", "published": "2015-07-05T22:01:06", "id": "CVE-2015-2737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2737", "title": "CVE-2015-2737", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:31", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.", "modified": "2016-12-27T21:59:08", "published": "2015-07-05T22:01:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2731", "id": "CVE-2015-2731", "title": "CVE-2015-2731", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:32", "bulletinFamily": "NVD", "description": "Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.", "modified": "2016-12-27T21:59:09", "published": "2015-07-05T22:01:09", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2741", "id": "CVE-2015-2741", "title": "CVE-2015-2741", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-18T15:56:32", "bulletinFamily": "NVD", "description": "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.", "modified": "2016-12-27T21:59:09", "published": "2015-07-05T22:01:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2736", "id": "CVE-2015-2736", "title": "CVE-2015-2736", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:31", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2016-12-27T21:59:08", "published": "2015-07-05T22:00:55", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2724", "id": "CVE-2015-2724", "title": "CVE-2015-2724", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:31", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2016-12-27T21:59:08", "published": "2015-07-05T22:00:56", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2725", "id": "CVE-2015-2725", "title": "CVE-2015-2725", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:15:03", "bulletinFamily": "NVD", "description": "The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.", "modified": "2018-10-30T12:27:37", "published": "2015-07-05T22:01:03", "id": "CVE-2015-2734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2734", "title": "CVE-2015-2734", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation.", "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:VULN:14573", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14573", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:37", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0\n\t / rv:31.8 / rv:38.1)\nMFSA 2015-60 Local files or privileged URLs in pages can\n\t be opened into new tabs\nMFSA 2015-61 Type confusion in Indexed Database\n\t Manager\nMFSA 2015-62 Out-of-bound read while computing an\n\t oscillator rendering range in Web Audio\nMFSA 2015-63 Use-after-free in Content Policy due to\n\t microtask execution error\nMFSA 2015-64 ECDSA signature validation fails to handle\n\t some signatures correctly\nMFSA 2015-65 Use-after-free in workers while using\n\t XMLHttpRequest\nMFSA 2015-66 Vulnerabilities found through code\n\t inspection\nMFSA 2015-67 Key pinning is ignored when overridable\n\t errors are encountered\nMFSA 2015-68 OS X crash reports may contain entered key\n\t press information\nMFSA 2015-69 Privilege escalation through internal\n\t workers\nMFSA 2015-70 NSS accepts export-length DHE keys with\n\t regular DHE cipher suites\nMFSA 2015-71 NSS incorrectly permits skipping of\n\t ServerKeyExchange\n\n", "modified": "2015-09-22T00:00:00", "published": "2015-07-02T00:00:00", "id": "44D9DAEE-940C-4179-86BB-6E3FFD617869", "href": "https://vuxml.freebsd.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.5.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.5.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.5.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-38.5.0\"", "modified": "2015-12-31T00:00:00", "published": "2015-12-30T00:00:00", "id": "GLSA-201512-10", "href": "https://security.gentoo.org/glsa/201512-10", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}