{"id": "ELSA-2015-1682", "bulletinFamily": "unix", "title": "thunderbird security update", "description": "[38.2.0-4.0.1.el6_7]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[38.2.0-4]\n- Update to 38.2.0\n[38.1.0-4]\n- Update to 38.1.0", "published": "2015-08-25T00:00:00", "modified": "2015-08-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1682.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "type": "oraclelinux", "lastseen": "2020-10-22T17:05:23", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310130054", "OPENVAS:1361412562310871438", "OPENVAS:1361412562310871425", "OPENVAS:1361412562310882264", "OPENVAS:1361412562310123019", "OPENVAS:1361412562310882260", "OPENVAS:1361412562310882262", "OPENVAS:1361412562310703333", "OPENVAS:703333", "OPENVAS:1361412562310842421"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3333.NASL", "CENTOS_RHSA-2015-1682.NASL", "REDHAT-RHSA-2015-1586.NASL", "ORACLELINUX_ELSA-2015-1682.NASL", "SL_20150825_THUNDERBIRD_ON_SL5_X.NASL", "SL_20150811_FIREFOX_ON_SL5_X.NASL", "SUSE_SU-2015-1528-1.NASL", "CENTOS_RHSA-2015-1586.NASL", "UBUNTU_USN-2712-1.NASL", "REDHAT-RHSA-2015-1682.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1586", "RHSA-2015:1682"]}, {"type": "centos", "idList": ["CESA-2015:1586", "CESA-2015:1682", "CESA-2015:1694"]}, {"type": "ubuntu", "idList": ["USN-2702-1", "USN-2712-1", "USN-2722-1", "USN-2702-2", "USN-2702-3"]}, {"type": "cve", "idList": ["CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4488", "CVE-2015-4473", "CVE-2015-4487"]}, {"type": "mozilla", "idList": ["MFSA2015-88", "MFSA2015-90"]}, {"type": "f5", "idList": ["F5:K76434343"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3333-1:A97D1", "DEBIAN:DSA-3410-1:624AB", "DEBIAN:DSA-3337-1:F763C"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1694", "ELSA-2015-1586"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2287-1", "OPENSUSE-SU-2015:1390-1", "SUSE-SU-2015:1528-1", "OPENSUSE-SU-2015:1389-1", "SUSE-SU-2015:1476-1"]}, {"type": "freebsd", "idList": ["C66A5632-708A-4727-8236-D65B2D5B2739"]}, {"type": "archlinux", "idList": ["ASA-201508-4"]}, {"type": "kaspersky", "idList": ["KLA10643"]}, {"type": "slackware", "idList": ["SSA-2015-244-01"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32582"]}, {"type": "fedora", "idList": ["FEDORA:CB17960600CE", "FEDORA:6546F605DFD5", "FEDORA:D12326087B29", "FEDORA:003C0605DFF4"]}], "modified": "2020-10-22T17:05:23", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2020-10-22T17:05:23", "rev": 2}, "vulnersScore": 8.3}, "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el6_7.x86_64.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el6_7"}, {"OS": "Oracle Linux", "OSVersion": "5", "arch": "i386", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el5_11.i386.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el5_11"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "thunderbird-38.2.0-1.0.1.el7_1.x86_64.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-1.0.1.el7_1"}, {"OS": "Oracle Linux", "OSVersion": "5", "arch": "src", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el5_11.src.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el5_11"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "src", "operator": "lt", "packageFilename": "thunderbird-38.2.0-1.0.1.el7_1.src.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-1.0.1.el7_1"}, {"OS": "Oracle Linux", "OSVersion": "6", "arch": "src", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el6_7.src.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el6_7"}, {"OS": "Oracle Linux", "OSVersion": "6", "arch": "src", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el6_7.src.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el6_7"}, {"OS": "Oracle Linux", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "thunderbird-38.2.0-4.0.1.el6_7.i686.rpm", "packageName": "thunderbird", "packageVersion": "38.2.0-4.0.1.el6_7"}], "scheme": null}

{"openvas": [{"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Oracle Linux Local Security Checks ELSA-2015-1682", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123019", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1682", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1682.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123019\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1682\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1682 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1682\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1682.html\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882262", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882262\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:06:48 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021349.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882260", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882260\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:05:22 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021348.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310871438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871438", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2015:1682-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2015:1682-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871438\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:18:00 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2015:1682-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1682-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00061.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~38.2.0~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Mageia Linux Local Security Checks mgasa-2015-0330", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130054", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0330.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130054\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:06 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0330\");\n script_tag(name:\"insight\", value:\"Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0330.html\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0330\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"thunderbird-l10n\", rpm:\"thunderbird-l10n~38.2.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310842421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842421", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-2712-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-2712-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842421\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:23:18 +0200 (Wed, 26 Aug 2015)\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-2712-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christian Holler, and Byron\nCampen discovered multiple memory safety issues in Thunderbird. If a user were\ntricked in to opening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were\ntricked in to opening a specially crafted message, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2015-4491)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2712-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2712-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.2.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.2.0+build1-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882264", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882264\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:07:16 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021347.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "Multiple security issues have been found in Iceweasel, Debian", "modified": "2019-03-18T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310703333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703333", "type": "openvas", "title": "Debian Security Advisory DSA 3333-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3333.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3333-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703333\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\",\n \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_name(\"Debian Security Advisory DSA 3333-1 (iceweasel - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 00:00:00 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3333.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"iceweasel on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "Multiple security issues have been found in Iceweasel, Debian", "modified": "2017-07-07T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:703333", "href": "http://plugins.openvas.org/nasl.php?oid=703333", "type": "openvas", "title": "Debian Security Advisory DSA 3333-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3333.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3333-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703333);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\",\n \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_name(\"Debian Security Advisory DSA 3333-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-08-12 00:00:00 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3333.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It is a powerful, extensible web browser\nwith support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310882243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882243", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:1586 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:1586 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882243\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\",\n \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\",\n \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 05:07:48 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:1586 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\n browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1586\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021305.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.2.0~4.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4473", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, \nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, \nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-08-25T04:00:00", "id": "RHSA-2015:1682", "href": "https://access.redhat.com/errata/RHSA-2015:1682", "type": "redhat", "title": "(RHSA-2015:1682) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4473", "CVE-2015-4475", "CVE-2015-4478", "CVE-2015-4479", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4485", "CVE-2015-4486", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4492", "CVE-2015-4493"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:22", "published": "2015-08-11T04:00:00", "id": "RHSA-2015:1586", "href": "https://access.redhat.com/errata/RHSA-2015:1586", "type": "redhat", "title": "(RHSA-2015:1586) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "gdk-pixbuf is an image loading library that can be extended by loadable\nmodules for new image formats. It is used by toolkits such as GTK+ or\nclutter.\n\nAn integer overflow, leading to a heap-based buffer overflow, was found in\nthe way gdk-pixbuf, an image loading library for GNOME, scaled certain\nbitmap format images. An attacker could use a specially crafted BMP image\nfile that, when processed by an application compiled against the gdk-pixbuf\nlibrary, would cause that application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2015-4491)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Gustavo Grieco as the original reporter.\n\nAll gdk-pixbuf2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:35", "published": "2015-08-31T04:00:00", "id": "RHSA-2015:1694", "href": "https://access.redhat.com/errata/RHSA-2015:1694", "type": "redhat", "title": "(RHSA-2015:1694) Moderate: gdk-pixbuf2 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1682\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, \nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, \nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033385.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033386.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033387.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1682.html", "edition": 3, "modified": "2015-08-25T23:21:00", "published": "2015-08-25T22:25:27", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033385.html", "id": "CESA-2015:1682", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T03:32:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1586\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033343.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033344.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033346.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1586.html", "edition": 5, "modified": "2015-08-12T03:00:24", "published": "2015-08-11T20:36:44", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033343.html", "id": "CESA-2015:1586", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1694\n\n\ngdk-pixbuf is an image loading library that can be extended by loadable\nmodules for new image formats. It is used by toolkits such as GTK+ or\nclutter.\n\nAn integer overflow, leading to a heap-based buffer overflow, was found in\nthe way gdk-pixbuf, an image loading library for GNOME, scaled certain\nbitmap format images. An attacker could use a specially crafted BMP image\nfile that, when processed by an application compiled against the gdk-pixbuf\nlibrary, would cause that application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2015-4491)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Gustavo Grieco as the original reporter.\n\nAll gdk-pixbuf2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033393.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/033398.html\n\n**Affected packages:**\ngdk-pixbuf2\ngdk-pixbuf2-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1694.html", "edition": 7, "modified": "2015-09-01T23:35:47", "published": "2015-08-31T16:41:33", "id": "CESA-2015:1694", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033393.html", "title": "gdk security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory \nsafety issues in Thunderbird. If a user were tricked in to opening a \nspecially crafted message, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges ofthe user invoking Thunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted message, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Thunderbird. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted message, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the priviliges of the user invoking \nThunderbird. (CVE-2015-4491)", "edition": 5, "modified": "2015-08-25T00:00:00", "published": "2015-08-25T00:00:00", "id": "USN-2712-1", "href": "https://ubuntu.com/security/notices/USN-2712-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users \nin the US reported that their default search engine switched to Yahoo. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nGary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \npriviliges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some cirucumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the priviliges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the priviliges of the user invoking Firefox. (CVE-2015-4492)", "edition": 5, "modified": "2015-08-20T00:00:00", "published": "2015-08-20T00:00:00", "id": "USN-2702-3", "href": "https://ubuntu.com/security/notices/USN-2702-3", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \npriviliges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some cirucumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the priviliges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the priviliges of the user invoking Firefox. (CVE-2015-4492)", "edition": 5, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "USN-2702-1", "href": "https://ubuntu.com/security/notices/USN-2702-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "USN-2702-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding updates for Ubufox.\n\nOriginal advisory details:\n\nGary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \npriviliges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some cirucumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the priviliges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the priviliges of the user invoking Firefox. (CVE-2015-4492)", "edition": 5, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "USN-2702-2", "href": "https://ubuntu.com/security/notices/USN-2702-2", "title": "Ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling \nbitmap images. If a user or automated system were tricked into opening a \nBMP image file, a remote attacker could use this flaw to cause GDK-PixBuf \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 5, "modified": "2015-08-26T00:00:00", "published": "2015-08-26T00:00:00", "id": "USN-2722-1", "href": "https://ubuntu.com/security/notices/USN-2722-1", "title": "GDK-PixBuf vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-05-31T20:09:24", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 22, "published": "2015-08-26T00:00:00", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/85645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1682. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85645);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3138c54\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4491\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1682\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-1.el7_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:19", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 21, "published": "2015-10-22T00:00:00", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-10-22T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/86497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1682 and \n# CentOS Errata and Security Advisory 2015:1682 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86497);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b57413e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021348.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90963b2b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90556324\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-38.2.0-4.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-38.2.0-4.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:09", "description": "From Red Hat Security Advisory 2015:1682 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 17, "published": "2015-08-26T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/85642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1682 and \n# Oracle Linux Security Advisory ELSA-2015-1682 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85642);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2015:1682 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005360.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-38.2.0-4.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.0.1.el7_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:58", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 14, "published": "2015-08-26T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150825_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85646);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=24093\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40a93d02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-38.2.0-4.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-38.2.0-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:02", "description": "Gary Kwong, Christian Holler, and Byron Campen discovered multiple\nmemory safety issues in Thunderbird. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges ofthe user invoking\nThunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user\nwere tricked in to opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Thunderbird. (CVE-2015-4491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-08-26T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2712-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2712-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85648);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"USN\", value:\"2712-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gary Kwong, Christian Holler, and Byron Campen discovered multiple\nmemory safety issues in Thunderbird. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges ofthe user invoking\nThunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user\nwere tricked in to opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Thunderbird. (CVE-2015-4491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2712-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:12", "description": "Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors, integer overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.", "edition": 22, "published": "2015-08-13T00:00:00", "title": "Debian DSA-3333-1 : iceweasel - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "modified": "2015-08-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3333.NASL", "href": "https://www.tenable.com/plugins/nessus/85356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3333. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85356);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"DSA\", value:\"3333\");\n\n script_name(english:\"Debian DSA-3333-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors, integer overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3333\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 38.2.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:09:24", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 22, "published": "2015-08-12T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1586. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85342);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4493\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1586\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-38.2.0-4.el7_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-38.2.0-4.el7_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:00", "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n(specifically the 38.2.0ESR release).\n\nSecurity issues fixed :\n\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and\n local file stealing via PDF reader\n\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:\n Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)\n\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with\n malformed MP3 file\n\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of\n non-configurable JavaScript object properties\n\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in\n libstagefright\n\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared\n memory in JavaScript\n\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in\n gdk-pixbuf when scaling bitmap images\n\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer\n overflows on Libvpx when decoding WebM video\n\n - MFSA 2015-90 /\n CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in\n XMLHttpRequest with shared workers\n\nThis update also contains a lot of feature improvements and bug fixes\nfrom 31ESR to 38ESR.\n\nAlso the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,\nwhich is what Firefox 38ESR uses.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-09-11T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-09-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libsoftokn3"], "id": "SUSE_SU-2015-1528-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1528-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85906);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4474\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4495\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is being updated to the current Firefox 38ESR branch\n(specifically the 38.2.0ESR release).\n\nSecurity issues fixed :\n\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and\n local file stealing via PDF reader\n\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:\n Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)\n\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with\n malformed MP3 file\n\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of\n non-configurable JavaScript object properties\n\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in\n libstagefright\n\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared\n memory in JavaScript\n\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in\n gdk-pixbuf when scaling bitmap images\n\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer\n overflows on Libvpx when decoding WebM video\n\n - MFSA 2015-90 /\n CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in\n XMLHttpRequest with shared workers\n\nThis update also contains a lot of feature improvements and bug fixes\nfrom 31ESR to 38ESR.\n\nAlso the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,\nwhich is what Firefox 38ESR uses.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4474/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4475/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4479/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4484/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4488/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4495/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151528-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d87736ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-firefox38-20150820-12083=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:18", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2015-08-12T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1586 and \n# CentOS Errata and Security Advisory 2015:1586 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85336);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021305.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad794db1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f8bc361\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f652d6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-38.2.0-4.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-38.2.0-4.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-38.2.0-4.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:07", "description": "From Red Hat Security Advisory 2015:1586 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 17, "published": "2015-08-12T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1586 and \n# Oracle Linux Security Advisory ELSA-2015-1586 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85339);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2015:1586 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005317.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-38.2.0-4.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-38.2.0-4.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-38.2.0-4.0.1.el7_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:21:25", "description": "The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.", "edition": 6, "cvss3": {}, "published": "2015-08-16T01:59:00", "title": "CVE-2015-4489", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4489"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox:39.0.3", "cpe:/o:mozilla:firefox_os:2.1.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/o:oracle:solaris:11.3", "cpe:/a:mozilla:firefox_esr:38.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4489", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4489", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:39.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:25", "description": "Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2015-08-16T01:59:00", "title": "CVE-2015-4488", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4488"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox:39.0.3", "cpe:/o:mozilla:firefox_os:2.1.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/o:oracle:solaris:11.3", "cpe:/a:mozilla:firefox_esr:38.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4488", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:39.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:25", "description": "The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\"", "edition": 6, "cvss3": {}, "published": "2015-08-16T01:59:00", "title": "CVE-2015-4487", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4487"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox:39.0.3", "cpe:/o:mozilla:firefox_os:2.1.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/o:oracle:solaris:11.3", "cpe:/a:mozilla:firefox_esr:38.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4487", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4487", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:39.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:25", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2015-08-16T01:59:00", "title": "CVE-2015-4473", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4473"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox:39.0.3", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4473", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:39.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:25", "description": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.", "edition": 6, "cvss3": {}, "published": "2015-08-16T01:59:00", "title": "CVE-2015-4491", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4491"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:gnome:gdk-pixbuf:2.31.4", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:10", "cpe:/o:fedoraproject:fedora:22", "cpe:/o:oracle:solaris:11.3", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4491", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4491", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdk-pixbuf:2.31.4:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "mozilla": [{"lastseen": "2016-09-05T13:37:40", "bulletinFamily": "software", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487"], "edition": 1, "description": "Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "MFSA2015-90", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-90/", "type": "mozilla", "title": "Vulnerabilities found through code inspection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:50", "bulletinFamily": "software", "cvelist": ["CVE-2015-4491"], "description": "Security researcher Gustavo Grieco reported a heap overflow\nin gdk-pixbuf affecting Linux systems using Gnome. This issue is\ntriggered by the scaling of a malformed bitmap format image and results in a\npotentially exploitable crash.\n\nThis issue only affects Linux systems running Gnome. Windows and\nOS X operating systems are unaffected.", "edition": 1, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "MFSA2015-88", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-88/", "type": "mozilla", "title": "Heap overflow in gdk-pixbuf when scaling bitmap images", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-11-17T04:34:48", "bulletinFamily": "software", "cvelist": ["CVE-2015-4491"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-09-14T01:02:00", "published": "2017-09-14T01:02:00", "href": "https://support.f5.com/csp/article/K76434343", "id": "F5:K76434343", "title": "gdk-pixbuf vulnerability CVE-2015-4491", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3333-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 12, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-4473 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 \n CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489\n CVE-2015-4492 CVE-2015-4493\n\nMultiple security issues have been found in Iceweasel, Debian&#x27;s version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we&#x27;re now\nfollowing the 38.x releases.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-08-12T10:24:29", "published": "2015-08-12T10:24:29", "id": "DEBIAN:DSA-3333-1:A97D1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00231.html", "title": "[SECURITY] [DSA 3333-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:57:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-7198", "CVE-2015-7200", "CVE-2015-7181", "CVE-2015-7194", "CVE-2015-4489", "CVE-2015-7189", "CVE-2015-7182", "CVE-2015-7188", "CVE-2015-7199", "CVE-2015-4513", "CVE-2015-7193", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-7197"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3410-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 01, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 \n CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7188\n CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7197\n CVE-2015-7198 CVE-2015-7199 CVE-2015-7200\n\nMultiple security issues have been found in Icedove, Debian&#x27;s version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.4.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.4.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.4.0-1.\n\nIn addition enigmail has been updated to a release compatible with the\nnew ESR38 series.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2015-12-01T22:21:29", "published": "2015-12-01T22:21:29", "id": "DEBIAN:DSA-3410-1:624AB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00315.html", "title": "[SECURITY] [DSA 3410-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:03:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3337-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gdk-pixbuf\nCVE ID : CVE-2015-4491\n\nGustavo Grieco discovered a heap overflow in the processing of BMP images\nwhich may result in the execution of arbitrary code if a malformed image\nis opened.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.26.1-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.31.1-2+deb8u2.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.31.5-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.31.5-1.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2015-08-18T13:37:38", "published": "2015-08-18T13:37:38", "id": "DEBIAN:DSA-3337-1:F763C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00236.html", "title": "[SECURITY] [DSA 3337-1] gdk-pixbuf security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3337-2 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 17, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gdk-pixbuf\nCVE ID : CVE-2015-4491\n\nThe patch applied for gdk-pixbuf to fix CVE-2015-4491 in DSA 3337-1 was\nincomplete. This update corrects that problem. For reference the\noriginal advisory text follows.\n\nGustavo Grieco discovered a heap overflow in the processing of BMP images\nwhich may result in the execution of arbitrary code if a malformed image\nis opened.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.26.1-1+deb7u3.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.31.1-2+deb8u4.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.31.7-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.31.7-1.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2015-12-17T05:40:46", "published": "2015-12-17T05:40:46", "id": "DEBIAN:DSA-3337-2:68C3D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00330.html", "title": "[SECURITY] [DSA 3337-2] gdk-pixbuf security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:21:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n (specifically the 38.2.0ESR release).\n\n Security issues fixed:\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file\n stealing via PDF reader\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety\n hazards (rv:40.0 / rv:38.2)\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable\n JavaScript object properties\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in\n JavaScript\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling\n bitmap images\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx\n when decoding WebM video\n - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with\n shared workers\n\n This update also contains a lot of feature improvements and bug fixes from\n 31ESR to 38ESR.\n\n Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which\n is what Firefox 38ESR uses.\n\n", "edition": 1, "modified": "2015-09-10T17:10:07", "published": "2015-09-10T17:10:07", "id": "SUSE-SU-2015:1528-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4497", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4498", "CVE-2015-4475"], "description": "Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical\n and non critical security vulnerabilities.\n\n - Firefox was updated to 38.2.1 ESR (bsc#943608)\n * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing\n canvas element during restyling\n * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass\n through data URLs\n\n - Firefox was updated to 38.2.0 ESR (bsc#940806)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin\n violation and local file stealing via PDF reader\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719,\n bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213,\n bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0\n / rv:38.2)\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344,\n bmo#1186718) Overflow issues in libstagefright\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270,\n bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n XMLHttpRequest with shared workers\n\n Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox\n 38ESR uses.\n\n", "edition": 1, "modified": "2015-09-02T12:10:07", "published": "2015-09-02T12:10:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00001.html", "id": "SUSE-SU-2015:1476-1", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4495", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- update to Firefox 40.0 (bnc#940806)\n * Added protection against unwanted software downloads\n * Suggested Tiles show sites of interest, based on categories from your\n recent browsing history\n * Hello allows adding a link to conversations to provide context\n on what the conversation will be about\n * New style for add-on manager based on the in-content preferences style\n * Improved scrolling, graphics, and video playback performance with off\n main thread compositing (GNU/Linux only)\n * Graphic blocklist mechanism improved: Firefox version ranges can be\n specified, limiting the number of devices blocked security fixes:\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety\n hazards\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues\n in libstagefright\n * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting\n through Mozilla Maintenance Service with hard links (only affected\n Windows)\n * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with\n Updater and malicious MAR file (does not affect openSUSE RPM packages\n which do not ship the updater)\n * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST\n bypasses mixed content protections\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities\n found through code inspection\n * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security\n Policy allows for asterisk wildcards in violation of CSP specification\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n XMLHttpRequest with shared workers\n - added mozilla-no-stdcxx-check.patch\n - removed obsolete patches\n * mozilla-add-glibcxx_use_cxx11_abi.patch\n * firefox-multilocale-chrome.patch\n - rebased patches\n - requires version 40 of the branding package\n - removed browser/searchplugins/ location as it's not valid anymore\n\n - includes security update to Firefox 39.0.3 (bnc#940918)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin\n violation and local file stealing via PDF reader\n\n", "edition": 1, "modified": "2015-08-14T19:09:37", "published": "2015-08-14T19:09:37", "id": "OPENSUSE-SU-2015:1389-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4495", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- update to Firefox 40.0 (bnc#940806)\n * Added protection against unwanted software downloads\n * Suggested Tiles show sites of interest, based on categories from your\n recent browsing history\n * Hello allows adding a link to conversations to provide context\n on what the conversation will be about\n * New style for add-on manager based on the in-content preferences style\n * Improved scrolling, graphics, and video playback performance with off\n main thread compositing (GNU/Linux only)\n * Graphic blocklist mechanism improved: Firefox version ranges can be\n specified, limiting the number of devices blocked security fixes:\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety\n hazards\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues\n in libstagefright\n * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting\n through Mozilla Maintenance Service with hard links (only affected\n Windows)\n * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with\n Updater and malicious MAR file (does not affect openSUSE RPM packages\n which do not ship the updater)\n * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST\n bypasses mixed content protections\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities\n found through code inspection\n * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security\n Policy allows for asterisk wildcards in violation of CSP specification\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n XMLHttpRequest with shared workers\n - added mozilla-no-stdcxx-check.patch\n - removed obsolete patches\n * mozilla-add-glibcxx_use_cxx11_abi.patch\n * firefox-multilocale-chrome.patch\n - rebased patches\n - requires version 40 of the branding package\n - removed browser/searchplugins/ location as it's not valid anymore\n\n - includes security update to Firefox 39.0.3 (bnc#940918)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin\n violation and local file stealing via PDF reader\n\n", "edition": 1, "modified": "2015-08-14T19:10:03", "published": "2015-08-14T19:10:03", "id": "OPENSUSE-SU-2015:1390-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-10T04:48:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "This update for gdk-pixbuf fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS\n or potentially RCE (bsc#1053417).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2018-08-10T03:10:27", "published": "2018-08-10T03:10:27", "id": "OPENSUSE-SU-2018:2287-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00033.html", "title": "Security update for gdk-pixbuf (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "[38.2.0-4.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]\n[38.2.0-4]\n- Update to 38.2.0 ESR", "edition": 4, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "ELSA-2015-1586", "href": "http://linux.oracle.com/errata/ELSA-2015-1586.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "[2.24.1-6]\n- Fix CVE 2015-4491\n- Resolves #1253210", "edition": 4, "modified": "2015-08-31T00:00:00", "published": "2015-08-31T00:00:00", "id": "ELSA-2015-1694", "href": "http://linux.oracle.com/errata/ELSA-2015-1694.html", "title": "gdk-pixbuf2 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0\n\t / rv:38.2)\nMFSA 2015-80 Out-of-bounds read with malformed MP3\n\t file\nMFSA 2015-81 Use-after-free in MediaStream playback\nMFSA 2015-82 Redefinition of non-configurable JavaScript object properties\nMFSA 2015-83 Overflow issues in libstagefright\nMFSA 2015-84 Arbitrary file overwriting through Mozilla\n\t Maintenance Service with hard links\nMFSA 2015-85 Out-of-bounds write with Updater and\n\t malicious MAR file\nMFSA 2015-86 Feed protocol with POST bypasses mixed\n\t content protections\nMFSA 2015-87 Crash when using shared memory in\n\t JavaScript\nMFSA 2015-88 Heap overflow in gdk-pixbuf when scaling\n\t bitmap images\nMFSA 2015-90 Vulnerabilities found through code\n\t inspection\nMFSA 2015-91 Mozilla Content Security Policy allows for\n\t asterisk wildcards in violation of CSP specification\nMFSA 2015-92 Use-after-free in XMLHttpRequest with shared\n\t workers\n\n", "edition": 4, "modified": "2015-08-22T00:00:00", "published": "2015-08-11T00:00:00", "id": "C66A5632-708A-4727-8236-D65B2D5B2739", "href": "https://vuxml.freebsd.org/freebsd/c66a5632-708a-4727-8236-d65b2d5b2739.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "\nGustavo Grieco reports:\n\nWe found a heap overflow and a DoS in the gdk-pixbuf\n\t implementation triggered by the scaling of a malformed bmp.\n\n", "edition": 4, "modified": "2015-07-12T00:00:00", "published": "2015-07-12T00:00:00", "id": "F5B8B670-465C-11E5-A49D-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/f5b8b670-465c-11e5-a49d-bcaec565249c.html", "title": "gdk-pixbuf2 -- heap overflow and DoS", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- CVE-2015-4473 (Memory safety bugs fixed in Firefox ESR 38.2 and\nFirefox 40):\n\nGary Kwong, Christian Holler, and Byron Campen reported memory safety\nproblems and crashes that affect Firefox ESR 38.1 and Firefox 39.\n\n- CVE-2015-4474 (Memory safety bugs fixed in Firefox 40):\n\nTyson Smith, Bobby Holley, Chris Coulson, Byron Campen, and Eric Rahm\nreported memory safety problems and crashes that affect Firefox 39.\n\n- CVE-2015-4475 (out of bounds read at mozilla::AudioSink):\n\nSecurity researcher Aki Helin used the Address Sanitizer tool to\ndiscover an out-of-bounds read during playback of a malformed MP3 format\naudio file which switches sample formats. This could trigger a\npotentially exploitable crash or the reading of out-of-bounds memory\ncontent in some circumstances.\n\n- CVE-2015-4477 (MediaStream use-after-free):\n\nSecurity researcher SkyLined reported a use-after-free issue in how\naudio is handled through the Web Audio API during MediaStream playback\nthrough interactions with the Web Audio API. This results in a\npotentially exploitable crash.\n\n- CVE-2015-4478 (JSON.parse with reviver allows redefining\nnon-configurable properties):\n\nSecurity researcher Andr&#233; Bargull reported non-configurable properties\non JavaScript objects can be redefined while parsing JSON in violation\nof the ECMAScript 6 standard. This allows malicious web content to\nbypass same-origin policy by editing these properties to arbitrary values.\n\n- CVE-2015-4479 (MPEG4 saio Chunk Integer Overflow (libstagefright)):\n\nAn anonymous researcher reported, via TippingPoint's Zero Day\nInitiative, reported two integer overflows that could be triggered by a\nmalicious 'saio' chunk in an MPEG4 video, leading to potential arbitrary\ncode execution. This issue was independently reported by security\nresearcher laf.intel.\n\n- CVE-2015-4480 (crash in [@ stagefright::SampleTable::isValid() ] with\nh264 mp4):\n\nSecurity researcher Massimiliano Tomassoli discovered an integer\noverflow issue when parsing an invalid MPEG4 video.\n\n- CVE-2015-4482 (Out of bounds write in mar_read.c):\n\nSecurity researcher Holger Fuhrmannek reported that if the Updater opens\na MAR format file with a specially crafted name, an out-of-bounds write\nwill occur. This can lead to a potentially exploitable crash but\nrequires that the malicious MAR format file be present on the local\nsystem and the Updater to be run to use it.\n\n- CVE-2015-4483 (feed: protocol + POST method =&gt; mixed scripting):\n\nSecurity researcher Masato Kinugawa reported that opening a target page\nusing a POST to the url prefixed with the feed: protocol disables the\nmixed content blocker for that page. This could allow for the risk of a\nman-in-the-middle (MITM) scripting attack on pages that accidentally\ninclude insecure content which would otherwise be blocked.\n\n- CVE-2015-4484 (crash in void\njs::jit::AssemblerX86Shared::lock_addl&lt;js::jit::Imm32&gt;):\n\nSecurity researcher Jukka Jyl&#228;nki reported a crash that occurs because\nJavaScript, when using shared memory, does not properly gate access to\nAtomics or SharedArrayBuffer views in some contexts. This leads to a\nnon-exploitable crash.\n\n- CVE-2015-4485 (Heap-buffer-overflow WRITE in resize_context_buffers),\n- CVE-2015-4486 (Out of bounds read in decrease_ref_count):\n\nSecurity researcher Abhishek Arya (Inferno) of the Google Chrome\nSecurity Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding\na malformed WebM video file. These buffer overflows result in\npotentially exploitable crashes.\n\n- CVE-2015-4487 (Overflow nsTSubstring::ReplacePrep causes memory-safety\nbugs in string library),\n- CVE-2015-4488 (StyleAnimationValue::operator= uses objects after\ndelete on self-assignment),\n- CVE-2015-4489 (Self-assignment in nsTArray_Impl causes memory-safety bug):\n\nSecurity researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These\nincluded one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\n\n- CVE-2015-4490 (Mozilla Content Security Policy allows for asterisk\nwildcards in violation of CSP specification):\n\nMozilla security engineer Christoph Kerschbaumer reported a discrepancy\nin Mozilla's implementation of Content Security Policy and the CSP\nspecification. The specification states that blob:, data:, and\nfilesystem: URLs should be excluded in case of a wildcard when matching\nsource expressions but Mozilla's implementation allows these in the case\nof an asterisk wildcard. This could allow for more permissive CSP usage\nthan expected by a web developer, possibly allowing for cross-site\nscripting (XSS) attacks.\n\n- CVE-2015-4491 (gdk-pixbuf heap overflow and DoS affecting Firefox):\n\nSecurity researcher Gustavo Grieco reported a heap overflow in\ngdk-pixbuf affecting Linux systems using Gnome. This issue is triggered\nby the scaling of a malformed bitmap format image and results in a\npotentially exploitable crash.\n\n- CVE-2015-4492 (Use-after-free in XMLHttpRequest with shared workers):\n\nSecurity researcher Looben Yang discovered a use-after-free\nvulnerability when recursively calling .open() on an XMLHttpRequest in a\nSharedWorker.\n\n- CVE-2015-4493 (Stagefright: heap-buffer-overflow crash\n[@stagefright::ESDS::parseESDescriptor]):\n\nMozilla security engineer Tyson Smith used the Address Sanitizer to find\na buffer overflow when parsing an MPEG4 video with an invalid size in an\nESDS chunk lead to memory corruption.", "modified": "2015-08-12T00:00:00", "published": "2015-08-12T00:00:00", "id": "ASA-201508-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:35", "bulletinFamily": "info", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct CSS attack, gain privileges or execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 40.0 \nMozilla Firefox ESR versions earlier than 38.2\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-4493](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493>)9.3Critical \n[CVE-2015-4492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492>)7.5Critical \n[CVE-2015-4491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491>)6.8High \n[CVE-2015-4490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4490>)4.3Warning \n[CVE-2015-4489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489>)7.5Critical \n[CVE-2015-4488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488>)7.5Critical \n[CVE-2015-4487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487>)7.5Critical \n[CVE-2015-4486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486>)10.0Critical \n[CVE-2015-4485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485>)10.0Critical \n[CVE-2015-4484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484>)5.0Critical \n[CVE-2015-4483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4483>)4.3Warning \n[CVE-2015-4482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4482>)4.6Warning \n[CVE-2015-4481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4481>)3.3Warning \n[CVE-2015-4480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480>)9.3Critical \n[CVE-2015-4479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479>)10.0Critical \n[CVE-2015-4478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478>)5.0Critical \n[CVE-2015-4477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4477>)10.0Critical \n[CVE-2015-4475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475>)7.5Critical \n[CVE-2015-4474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474>)10.0Critical \n[CVE-2015-4473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473>)10.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 42, "modified": "2020-06-18T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10643", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10643", "title": "\r KLA10643Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4491"], "description": "Heap buffer overflow on BMP parsing.", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14640", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14640", "title": "gdk-pixbuf buffer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4491"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2722-1\r\nAugust 26, 2015\r\n\r\ngdk-pixbuf vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nGDK-PixBuf could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- gdk-pixbuf: GDK Pixbuf library\r\n\r\nDetails:\r\n\r\nGustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling\r\nbitmap images. If a user or automated system were tricked into opening a\r\nBMP image file, a remote attacker could use this flaw to cause GDK-PixBuf\r\nto crash, resulting in a denial of service, or possibly execute arbitrary\r\ncode.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libgdk-pixbuf2.0-0 2.31.3-1ubuntu0.1\r\n\r\nUbuntu 14.04 LTS:\r\n libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1\r\n\r\nUbuntu 12.04 LTS:\r\n libgdk-pixbuf2.0-0 2.26.1-1ubuntu1.2\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2722-1\r\n CVE-2015-4491\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.31.3-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.30.7-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.26.1-1ubuntu1.2\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32582", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32582", "title": "[USN-2722-1] GDK-PixBuf vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4491"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3337-1 security@debian.org\r\nhttps://www.debian.org/security/ Moritz Muehlenhoff\r\nAugust 18, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : gdk-pixbuf\r\nCVE ID : CVE-2015-4491\r\n\r\nGustavo Grieco discovered a heap overflow in the processing of BMP images\r\nwhich may result in the execution of arbitrary code if a malformed image\r\nis opened.\r\n\r\nFor the oldstable distribution &#40;wheezy&#41;, this problem has been fixed\r\nin version 2.26.1-1+deb7u1.\r\n\r\nFor the stable distribution &#40;jessie&#41;, this problem has been fixed in\r\nversion 2.31.1-2+deb8u2.\r\n\r\nFor the testing distribution &#40;stretch&#41;, this problem has been fixed\r\nin version 2.31.5-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 2.31.5-1.\r\n\r\nWe recommend that you upgrade your gdk-pixbuf packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJV0zTdAAoJEBDCk7bDfE42zp8P/iflDoo1XfYo29Bgq7YDYs17\r\n6WV9IO84Dl1WRt5YyL2EFDiUxO7p6PX5nGX0IWqM/3+uJwzyE9qwmgYj6up0MJhP\r\nzSiljadEHble9DLgR0C/sHWwN9HR1yMw4tjuK/2RByXdTwhvNnIOLTfTJp8S1HJq\r\nenvBhDoX79jodw7ZlQCtSvG+SSK4JLz7uoLII0yUgriBdy05UmkLgwHnViYRHKGc\r\nTAcZZqrcMMvdPyE72f+syBFMiB+6LZNmk+V8zjAbAd5EYnWc/eq/5NpJG0B4hv/4\r\nwb26biO2Nc38adjYZfXSmq8z2wDhQrkra+4zVhQ5eCvqG/geXQ1gNS9RR3xFwPsN\r\nR55e82eAX/Rg1mLHWNhzS6Ues5rfWUtUgHHz0AdHzvF+kGCyqA4WoPnPTBEtphnF\r\nnKOSJQhfx7pwXaFURj3hvrfG7b1ATM/lFLL7MNe6bhHH9Bm+birGGvw5JexgJPD5\r\nr2aGIvq/UYjTMs1pFQ9BnMJ2UCMnMEj3mRagyXwqTY6E/pY6V1aFfqoRonpVr0Cf\r\n1tH16pJcBWHR+j70sI6s2BN0WT3UONDBWcsJ8daXGtPc+p/cQAoDioKcCQWSQwNg\r\n6R4iIMMqVMtwghdwisTQa4uiwwCXH8NbdA49tRyIlXvlO0/suBFqY+k3RMxdpAex\r\n2OQ/e2/gaPiquitk7246\r\n=Ezva\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:DOC:32404", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32404", "title": "[SECURITY] [DSA 3337-1] gdk-pixbuf security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "MinGW Windows GDK Pixbuf library. ", "modified": "2015-09-06T06:24:47", "published": "2015-09-06T06:24:47", "id": "FEDORA:D12326087B29", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-gdk-pixbuf-2.31.6-1.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. ", "modified": "2015-09-06T06:24:59", "published": "2015-09-06T06:24:59", "id": "FEDORA:CB17960600CE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: gdk-pixbuf2-2.31.6-1.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. ", "modified": "2015-09-06T04:55:38", "published": "2015-09-06T04:55:38", "id": "FEDORA:003C0605DFF4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: gdk-pixbuf2-2.31.6-1.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "MinGW Windows GDK Pixbuf library. ", "modified": "2015-09-06T04:55:25", "published": "2015-09-06T04:55:25", "id": "FEDORA:6546F605DFD5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-gdk-pixbuf-2.31.6-1.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4491"], "description": "New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz: Rebuilt.\n Gustavo Grieco discovered a heap overflow in the processing of BMP images\n which may result in the execution of arbitrary code if a malformed image\n is opened.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gdk-pixbuf2-2.23.3-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gdk-pixbuf2-2.23.3-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gdk-pixbuf2-2.26.1-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gdk-pixbuf2-2.26.1-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gdk-pixbuf2-2.28.2-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gdk-pixbuf2-2.31.7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gdk-pixbuf2-2.31.7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.37 package:\n024660dd36a58ffa0793aeb1396e57c7 gdk-pixbuf2-2.23.3-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nd9db7b242d5e68f6032f80af8359563d gdk-pixbuf2-2.23.3-x86_64-2_slack13.37.txz\n\nSlackware 14.0 package:\n63d1deaa9e336c09c23025b4d8f8b545 gdk-pixbuf2-2.26.1-i486-3_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc2c2e3211a590b125d9e1e1c61e243ed gdk-pixbuf2-2.26.1-x86_64-3_slack14.0.txz\n\nSlackware 14.1 package:\n0e83c834301e53e29bf47a5d6818769d gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nfcc65f4ec956dcc34f7f378e272e600d gdk-pixbuf2-2.28.2-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n41baa15dd4e8a2b9527d7582aa2902d8 l/gdk-pixbuf2-2.31.7-i586-1.txz\n\nSlackware x86_64 -current package:\n35b915dd5a87fec81db379e07652e74a l/gdk-pixbuf2-2.31.7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz", "modified": "2015-09-01T23:35:52", "published": "2015-09-01T23:35:52", "id": "SSA-2015-244-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.435174", "type": "slackware", "title": "[slackware-security] gdk-pixbuf2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}