{"nessus": [{"lastseen": "2023-05-24T14:33:26", "description": "This update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191210)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191210_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131989", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131989);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction\n (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and\n Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer\n (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device\n orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in\n antitracking (CVE-2019-17011)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=8959\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36c5b338\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:43:32", "description": "The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4108 advisory.\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : firefox (ELSA-2019-4108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2019-4108.NASL", "href": "https://www.tenable.com/plugins/nessus/180734", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4108.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180734);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0438-S\");\n\n script_name(english:\"Oracle Linux 6 : firefox (ELSA-2019-4108)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2019-4108 advisory.\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,\n and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4108.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'firefox-68.3.0-1.0.1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-68.3.0-1.0.1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:30", "description": "Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.", "cvss3": {}, "published": "2019-12-17T00:00:00", "type": "nessus", "title": "Debian DSA-4585-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:thunderbird", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4585.NASL", "href": "https://www.tenable.com/plugins/nessus/132082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4585. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132082);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"DSA\", value:\"4585\");\n\n script_name(english:\"Debian DSA-4585-1 : thunderbird - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird which could\npotentially result in the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4585\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the thunderbird packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 1:68.3.0-2~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1:68.3.0-2~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"calendar-google-provider\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ar\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ast\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-be\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-bg\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-br\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ca\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-cs\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-cy\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-da\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-de\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-el\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-et\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-eu\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fi\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-gd\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-gl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-he\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hu\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-id\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-is\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-it\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ja\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-kab\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-kk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ko\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-lt\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ms\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-rm\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ro\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ru\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-si\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sq\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-tr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-uk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-vi\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-cy\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-kk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ms\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:68.3.0-2~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"calendar-google-provider\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dbg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dev\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-all\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ast\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-be\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ca\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-cs\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-da\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-de\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-el\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-et\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-eu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-he\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-id\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-is\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-it\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ja\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-kab\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ko\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-lt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-rm\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ro\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ru\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-si\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sq\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-tr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-uk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-vi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-extension\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-be\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-da\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-de\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-el\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-et\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-he\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-id\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-is\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-it\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-si\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ast\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-be\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ca\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cs\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cy\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-da\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-de\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-el\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-et\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-eu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-he\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-id\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-is\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-it\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ja\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-kab\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ko\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-lt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-rm\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ro\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ru\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-si\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sq\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-tr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-uk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-vi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dbg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dev\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:68.3.0-2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:33", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0265_THUNDERBIRD.NASL", "href": "https://www.tenable.com/plugins/nessus/132482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0265. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132482);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0265)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are\naffected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL thunderbird packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"thunderbird-68.3.0-1.el7.centos\",\n \"thunderbird-debuginfo-68.3.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.04\": [\n \"thunderbird-68.3.0-1.el7.centos\",\n \"thunderbird-debuginfo-68.3.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:13", "description": "From Red Hat Security Advisory 2019:4111 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : firefox (ELSA-2019-4111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-4111.NASL", "href": "https://www.tenable.com/plugins/nessus/131829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4111 and \n# Oracle Linux Security Advisory ELSA-2019-4111 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131829);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4111\");\n\n script_name(english:\"Oracle Linux 8 : firefox (ELSA-2019-4111)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:4111 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-December/009423.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.0.1.el8_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:55", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 68.3.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Debian DLA-2029-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son"], "id": "DEBIAN_DLA-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/131962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2029-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131962);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Debian DLA-2029-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n68.3.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"68.3.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:45", "description": "Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:68.3.0-2~deb8u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-17T00:00:00", "type": "nessus", "title": "Debian DLA-2036-1 : thunderbird security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:icedove-l10n-all", "p-cpe:/a:debian:debian_linux:icedove-l10n-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-ast", "p-cpe:/a:debian:debian_linux:icedove-l10n-be", "p-cpe:/a:debian:debian_linux:icedove-l10n-bg", "p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:icedove-l10n-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-ca", "p-cpe:/a:debian:debian_linux:icedove-l10n-cs", "p-cpe:/a:debian:debian_linux:icedove-l10n-da", "p-cpe:/a:debian:debian_linux:icedove-l10n-de", "p-cpe:/a:debian:debian_linux:icedove-l10n-dsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-el", "p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-es", "p-cpe:/a:debian:debian_linux:icedove-l10n-et", "p-cpe:/a:debian:debian_linux:icedove-l10n-eu", "p-cpe:/a:debian:debian_linux:icedove-l10n-fi", "p-cpe:/a:debian:debian_linux:icedove-l10n-fr", "p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:icedove-l10n-gd", "p-cpe:/a:debian:debian_linux:icedove-l10n-gl", "p-cpe:/a:debian:debian_linux:icedove-l10n-he", "p-cpe:/a:debian:debian_linux:icedove-l10n-hr", "p-cpe:/a:debian:debian_linux:icedove-l10n-hsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-hu", "p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am", "p-cpe:/a:debian:debian_linux:icedove-l10n-id", "p-cpe:/a:debian:debian_linux:icedove-l10n-is", "p-cpe:/a:debian:debian_linux:icedove-l10n-it", "p-cpe:/a:debian:debian_linux:icedove-l10n-ja", "p-cpe:/a:debian:debian_linux:icedove-l10n-kab", "p-cpe:/a:debian:debian_linux:icedove-l10n-ko", "p-cpe:/a:debian:debian_linux:icedove-l10n-lt", "p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in", "p-cpe:/a:debian:debian_linux:icedove-l10n-pl", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:icedove-l10n-rm", "p-cpe:/a:debian:debian_linux:icedove-l10n-ro", "p-cpe:/a:debian:debian_linux:icedove-l10n-ru", "p-cpe:/a:debian:debian_linux:icedove-l10n-si", "p-cpe:/a:debian:debian_linux:icedove-l10n-sk", "p-cpe:/a:debian:debian_linux:icedove-l10n-sl", "p-cpe:/a:debian:debian_linux:icedove-l10n-sq", "p-cpe:/a:debian:debian_linux:icedove-l10n-sr", "p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se", "p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:icedove-l10n-tr", "p-cpe:/a:debian:debian_linux:icedove-l10n-uk", "p-cpe:/a:debian:debian_linux:icedove-l10n-vi", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceowl-extension", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cs", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceowl-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-et", "p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-eu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-el", "p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-rm", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ru", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-he", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-tr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceowl-l10n-uk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-id", "p-cpe:/a:debian:debian_linux:iceowl-l10n-vi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:iceowl-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-dbg", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-dev", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2036.NASL", "href": "https://www.tenable.com/plugins/nessus/132080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2036-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132080);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Debian DLA-2036-1 : thunderbird security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird which could\npotentially result in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:68.3.0-2~deb8u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/thunderbird\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-all\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ast\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-be\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ca\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-cs\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-da\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-de\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-el\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-et\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-eu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-he\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-id\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-is\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-it\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ja\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-kab\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ko\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-lt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-rm\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ro\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ru\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-si\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sq\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-tr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-uk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-vi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-be\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-da\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-de\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-el\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-et\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-he\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-id\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-is\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-it\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-si\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ast\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-be\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ca\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cs\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cy\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-da\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-de\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-el\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-et\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-eu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-he\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-id\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-is\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-it\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ja\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-kab\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ko\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-lt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-rm\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ro\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ru\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-si\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sq\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-tr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-uk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-vi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dbg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dev\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:68.3.0-2~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:37", "description": "The plain text serializer used a fixed-size array for the number of ol elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nUnder certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\nWhen using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\nMozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n(CVE-2019-17012)\n\nUnder certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)", "cvss3": {}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : thunderbird (ALAS-2020-1386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:thunderbird", "p-cpe:/a:amazon:linux:thunderbird-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/133149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1386.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133149);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"ALAS\", value:\"2020-1386\");\n\n script_name(english:\"Amazon Linux 2 : thunderbird (ALAS-2020-1386)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The plain text serializer used a fixed-size array for the number of ol\nelements it could process; however it was possible to overflow the\nstatic-sized array leading to memory corruption and a potentially\nexploitable crash. This vulnerability affects Thunderbird < 68.3,\nFirefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nUnder certain conditions, when checking the Resist Fingerprinting\npreference during device orientation checks, a race condition could\nhave caused a use-after-free and a potentially exploitable crash. This\nvulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\nFirefox < 71. (CVE-2019-17010)\n\nWhen using nested workers, a use-after-free could occur during worker\ndestruction. This resulted in a potentially exploitable crash. This\nvulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\nFirefox < 71. (CVE-2019-17008)\n\nMozilla developers reported memory safety bugs present in Firefox 70\nand Firefox ESR 68.2. Some of these bugs showed evidence of memory\ncorruption and we presume that with enough effort some of these could\nhave been exploited to run arbitrary code. This vulnerability affects\nThunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n(CVE-2019-17012)\n\nUnder certain conditions, when retrieving a document from a DocShell\nin the antitracking code, a race condition could cause a\nuse-after-free condition and a potentially exploitable crash. This\nvulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\nFirefox < 71. (CVE-2019-17011)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1386.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update thunderbird' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-1.amzn2.0.1\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-68.3.0-1.amzn2.0.1\", allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:43:27", "description": "The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4205 advisory.\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : thunderbird (ELSA-2019-4205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2019-4205.NASL", "href": "https://www.tenable.com/plugins/nessus/180656", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4205.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180656);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2019-4205)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2019-4205 advisory.\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,\n and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4205.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-68.3.0-3.0.1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-68.3.0-3.0.1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:28", "description": "This update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191211)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191211_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131990);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191211)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction\n (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and\n Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer\n (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device\n orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in\n antitracking (CVE-2019-17011)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=10058\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e6e5fb5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:11", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "RHEL 7 : firefox (RHSA-2019:4107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-4107.NASL", "href": "https://www.tenable.com/plugins/nessus/131745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4107. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131745);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4107\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2019:4107)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4107\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"firefox-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"firefox-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"firefox-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"firefox-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:10", "description": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2019:4111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:firefox-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.1"], "id": "REDHAT-RHSA-2019-4111.NASL", "href": "https://www.tenable.com/plugins/nessus/131749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4111. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131749);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4111\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2019:4111)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected firefox, firefox-debuginfo and / or\nfirefox-debugsource packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4111\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-debuginfo-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-debuginfo-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-debugsource-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-debugsource-68.3.0-1.el8_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / firefox-debugsource\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:23", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.", "cvss3": {}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "Debian DSA-4580-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4580.NASL", "href": "https://www.tenable.com/plugins/nessus/131838", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4580. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131838);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"DSA\", value:\"4580\");\n\n script_name(english:\"Debian DSA-4580-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4580\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 68.3.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 68.3.0esr-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-af\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-all\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-an\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-as\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-az\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-be\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-br\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-da\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-de\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-el\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-et\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-he\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ia\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-id\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-is\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-it\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-km\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-my\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ne-np\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-oc\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-or\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-si\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-son\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-te\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-th\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ur\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"68.3.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-dev\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-af\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-all\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-an\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-as\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-az\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-br\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-da\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-de\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-el\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-et\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-he\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-id\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-is\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-it\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-km\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-or\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-si\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-son\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-te\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-th\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-dev\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ach\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-af\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-all\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-an\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ar\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-as\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ast\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-az\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bg\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-br\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bs\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ca\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cak\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cs\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cy\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-da\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-de\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-el\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eo\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-et\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eu\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fa\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ff\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fi\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gd\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-he\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hu\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-id\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-is\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-it\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ja\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ka\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kab\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-km\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ko\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lij\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lt\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lv\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mai\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ml\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ms\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-or\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-rm\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ro\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ru\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-si\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sl\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-son\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sq\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ta\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-te\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-th\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-tr\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uk\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uz\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-vi\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-xh\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"68.3.0esr-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:05", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-27T00:00:00", "type": "nessus", "title": "CentOS 7 : firefox (CESA-2019:4107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-4107.NASL", "href": "https://www.tenable.com/plugins/nessus/132398", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4107 and \n# CentOS Errata and Security Advisory 2019:4107 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132398);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4107\");\n\n script_name(english:\"CentOS 7 : firefox (CESA-2019:4107)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035595.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11267f02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:05", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0261_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/132438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0261. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132438);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0261)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected\nby multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0261\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"firefox-68.3.0-1.el7.centos\",\n \"firefox-debuginfo-68.3.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.04\": [\n \"firefox-68.3.0-1.el7.centos\",\n \"firefox-debuginfo-68.3.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:26", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2019:4195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.1"], "id": "REDHAT-RHSA-2019-4195.NASL", "href": "https://www.tenable.com/plugins/nessus/131985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4195. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131985);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4195\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2019:4195)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird, thunderbird-debuginfo and / or\nthunderbird-debugsource packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4195\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-2.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-68.3.0-2.el8_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-debugsource-68.3.0-2.el8_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo / thunderbird-debugsource\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:39", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:4111 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : firefox (CESA-2019:4111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS8_RHSA-2019-4111.NASL", "href": "https://www.tenable.com/plugins/nessus/145585", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:4111. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145585);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"RHSA\", value:\"2019:4111\");\n\n script_name(english:\"CentOS 8 : firefox (CESA-2019:4111)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2019:4111 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:4111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-68.3.0-1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-68.3.0-1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:29", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2019:4148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-4148.NASL", "href": "https://www.tenable.com/plugins/nessus/131977", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4148. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131977);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4148\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2019:4148)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4148\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:56", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "RHEL 6 : thunderbird (RHSA-2019:4205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-4205.NASL", "href": "https://www.tenable.com/plugins/nessus/131986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4205. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131986);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4205\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2019:4205)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4205\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-68.3.0-3.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:11", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "RHEL 6 : firefox (RHSA-2019:4108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-4108.NASL", "href": "https://www.tenable.com/plugins/nessus/131746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4108. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131746);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4108\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2019:4108)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-17012\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4108\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:35", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-27T00:00:00", "type": "nessus", "title": "CentOS 7 : thunderbird (CESA-2019:4148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-4148.NASL", "href": "https://www.tenable.com/plugins/nessus/132399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4148 and \n# CentOS Errata and Security Advisory 2019:4148 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132399);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4148\");\n\n script_name(english:\"CentOS 7 : thunderbird (CESA-2019:4148)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035594.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?873ea161\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:25", "description": "From Red Hat Security Advisory 2019:4195 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : thunderbird (ELSA-2019-4195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-4195.NASL", "href": "https://www.tenable.com/plugins/nessus/131974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4195 and \n# Oracle Linux Security Advisory ELSA-2019-4195 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131974);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4195\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2019-4195)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:4195 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-December/009441.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-2.0.1.el8_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:24", "description": "Security Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL7.x x86_64 (20191205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191205_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131831);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x x86_64 (20191205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction\n (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and\n Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer\n (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device\n orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in\n antitracking (CVE-2019-17011)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=7475\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aeb47215\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-68.3.0-1.el7_7\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:26", "description": "From Red Hat Security Advisory 2019:4107 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : firefox (ELSA-2019-4107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-4107.NASL", "href": "https://www.tenable.com/plugins/nessus/131828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4107 and \n# Oracle Linux Security Advisory ELSA-2019-4107 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131828);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4107\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2019-4107)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:4107 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-December/009426.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-68.3.0-1.0.1.el7_7\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:28", "description": "From Red Hat Security Advisory 2019:4148 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : thunderbird (ELSA-2019-4148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-4148.NASL", "href": "https://www.tenable.com/plugins/nessus/131971", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4148 and \n# Oracle Linux Security Advisory ELSA-2019-4148 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131971);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4148\");\n\n script_name(english:\"Oracle Linux 7 : thunderbird (ELSA-2019-4148)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:4148 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-December/009439.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-68.3.0-1.0.1.el7_7\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:59", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "CentOS 6 : firefox (CESA-2019:4108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-4108.NASL", "href": "https://www.tenable.com/plugins/nessus/131958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4108 and \n# CentOS Errata and Security Advisory 2019:4108 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131958);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4108\");\n\n script_name(english:\"CentOS 6 : firefox (CESA-2019:4108)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.3.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/023539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e060e221\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035577.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb68559e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-68.3.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:48", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-27T00:00:00", "type": "nessus", "title": "CentOS 6 : thunderbird (CESA-2019:4205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-4205.NASL", "href": "https://www.tenable.com/plugins/nessus/132401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4205 and \n# CentOS Errata and Security Advisory 2019:4205 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132401);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"RHSA\", value:\"2019:4205\");\n\n script_name(english:\"CentOS 6 : thunderbird (CESA-2019:4205)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.3.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3\n(CVE-2019-17012)\n\n* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n* Mozilla: Use-after-free when performing device orientation checks\n(CVE-2019-17010)\n\n* Mozilla: Use-after-free when retrieving a document in antitracking\n(CVE-2019-17011)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035580.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d5966fb\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-68.3.0-3.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:33", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:4195 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : thunderbird (CESA-2019:4195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS8_RHSA-2019-4195.NASL", "href": "https://www.tenable.com/plugins/nessus/145636", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:4195. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145636);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"RHSA\", value:\"2019:4195\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2019:4195)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2019:4195 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:4195\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'thunderbird-68.3.0-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:13", "description": "Security Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191205_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131830);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Use-after-free in worker destruction\n (CVE-2019-17008)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and\n Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Buffer overflow in plain text serializer\n (CVE-2019-17005)\n\n - Mozilla: Use-after-free when performing device\n orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in\n antitracking (CVE-2019-17011)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=6721\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50beda6d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-68.3.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:12", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following:\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 68.x < 68.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_68_3_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/131766", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-37.\n# The text itself is copyright (C) Mozilla Foundation.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131766);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"MFSA\", value:\"2019-37\");\n\n script_name(english:\"Mozilla Firefox ESR 68.x < 68.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following:\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. (CVE-2019-11745)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. (CVE-2019-17008)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson\n Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 68.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'68.3', min:'68.0.0', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:19", "description": "This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)	\n	 Security issues fixed :\n\n - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n\n - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)\n\n - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)\n\n - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)\n\n - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)\n\n - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n\n - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)\n\n - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo", "p-cpe:/a:novell:opensuse:mozillafirefox-debugsource", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2.NASL", "href": "https://www.tenable.com/plugins/nessus/132763", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132763);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-11745\", \"CVE-2019-13722\", \"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17009\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2)\");\n script_summary(english:\"Check for the openSUSE-2020-2 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)	\n	 Security issues fixed :\n\n - CVE-2019-17008: Fixed a use-after-free in worker\n destruction (bmo#1546331)\n\n - CVE-2019-13722: Fixed a stack corruption due to\n incorrect number of arguments in WebRTC code\n (bmo#1580156)\n\n - CVE-2019-11745: Fixed an out of bounds write in NSS when\n encrypting with a block cipher (bmo#1586176)\n\n - CVE-2019-17009: Fixed an issue where updater temporary\n files accessible to unprivileged processes (bmo#1510494)\n\n - CVE-2019-17010: Fixed a use-after-free when performing\n device orientation checks (bmo#1581084)\n\n - CVE-2019-17005: Fixed a buffer overflow in plain text\n serializer (bmo#1584170)\n\n - CVE-2019-17011: Fixed a use-after-free when retrieving a\n document in antitracking (bmo#1591334)\n\n - CVE-2019-17012: Fixed multiple memmory issues\n (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209,\n bmo#1580288, bmo#1585760, bmo#1592502)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debuginfo-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debugsource-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-devel-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-common-68.3.0-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-other-68.3.0-lp151.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:40", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 68.3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_68_3.NASL", "href": "https://www.tenable.com/plugins/nessus/131955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-38.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131955);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-13722\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17009\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"MFSA\", value:\"2019-38\");\n\n script_name(english:\"Mozilla Thunderbird < 68.3\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 68.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'68.3', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:12", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following:\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 68.x < 68.3 Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_68_3_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/131767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-37.\n# The text itself is copyright (C) Mozilla Foundation.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131767);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-13722\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17009\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"MFSA\", value:\"2019-37\");\n\n script_name(english:\"Mozilla Firefox ESR 68.x < 68.3 Multiple vulnerabilities\");\n script_summary(english:\"Checks version of Firefox ESR\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 68.3. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following:\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. (CVE-2019-11745)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. (CVE-2019-17008)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson\n Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 68.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'68.3', min:'68.0.0', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:30", "description": "This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\n\nSecurity issues fixed :\n\nCVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n\nCVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)\n\nCVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)\n\nCVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)\n\nCVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)\n\nCVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n\nCVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)\n\nCVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:3337-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-branding-upstream", "p-cpe:/a:novell:suse_linux:mozillafirefox-buildsymbols", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-3337-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132308", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3337-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132308);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11745\", \"CVE-2019-13722\", \"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17009\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:3337-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\n\nSecurity issues fixed :\n\nCVE-2019-17008: Fixed a use-after-free in worker destruction\n(bmo#1546331)\n\nCVE-2019-13722: Fixed a stack corruption due to incorrect number of\narguments in WebRTC code (bmo#1580156)\n\nCVE-2019-11745: Fixed an out of bounds write in NSS when encrypting\nwith a block cipher (bmo#1586176)\n\nCVE-2019-17009: Fixed an issue where updater temporary files\naccessible to unprivileged processes (bmo#1510494)\n\nCVE-2019-17010: Fixed a use-after-free when performing device\norientation checks (bmo#1581084)\n\nCVE-2019-17005: Fixed a buffer overflow in plain text serializer\n(bmo#1584170)\n\nCVE-2019-17011: Fixed a use-after-free when retrieving a document in\nantitracking (bmo#1591334)\n\nCVE-2019-17012: Fixed multiple memmory issues (bmo#1449736,\nbmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760,\nbmo#1592502)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17005/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193337-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0253c174\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3337=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-3337=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-3337=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-3337=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-branding-upstream-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-branding-upstream-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-debugsource-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-translations-common-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-translations-other-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-branding-upstream-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-branding-upstream-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-debugsource-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-devel-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-translations-common-68.3.0-3.62.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-translations-other-68.3.0-3.62.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:54:43", "description": "This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328) 	 \n\nSecurity issues fixed :\n\n - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n\n - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)\n\n - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)\n\n - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)\n\n - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)\n\n - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n\n - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)\n\n - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)\n\nOther issues addressed :\n\n - New: Message display toolbar action WebExtension API (bmo#1531597)\n\n - New: Navigation buttons are now available in content tabs (bmo#787683)\n\n - Fixed an issue where write window was not always correct (bmo#1593280)\n\n - Fixed toolbar issues (bmo#1584160)\n\n - Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364)\n\n - Fixed an issue with scam link confirmation panel (bmo#1596413)\n\n - Fixed an issue with the write window where the Link Properties dialog was not showing named anchors in context menu (bmo#1593629)\n\n - Fixed issues with calendar (bmo#1588516)\n\n - Fixed issues with chat where reordering via drag-and-drop was not working on Instant messaging status dialog (bmo#1591505)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo", "p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-3.NASL", "href": "https://www.tenable.com/plugins/nessus/132764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-3.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132764);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-11745\", \"CVE-2019-13722\", \"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17009\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-3)\");\n script_summary(english:\"Check for the openSUSE-2020-3 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328)\n	 \n\nSecurity issues fixed :\n\n - CVE-2019-17008: Fixed a use-after-free in worker\n destruction (bmo#1546331)\n\n - CVE-2019-13722: Fixed a stack corruption due to\n incorrect number of arguments in WebRTC code\n (bmo#1580156)\n\n - CVE-2019-11745: Fixed an out of bounds write in NSS when\n encrypting with a block cipher (bmo#1586176)\n\n - CVE-2019-17009: Fixed an issue where updater temporary\n files accessible to unprivileged processes (bmo#1510494)\n\n - CVE-2019-17010: Fixed a use-after-free when performing\n device orientation checks (bmo#1581084)\n\n - CVE-2019-17005: Fixed a buffer overflow in plain text\n serializer (bmo#1584170)\n\n - CVE-2019-17011: Fixed a use-after-free when retrieving a\n document in antitracking (bmo#1591334)\n\n - CVE-2019-17012: Fixed multiple memmory issues\n (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209,\n bmo#1580288, bmo#1585760, bmo#1592502)\n\nOther issues addressed :\n\n - New: Message display toolbar action WebExtension API\n (bmo#1531597)\n\n - New: Navigation buttons are now available in content\n tabs (bmo#787683)\n\n - Fixed an issue where write window was not always correct\n (bmo#1593280)\n\n - Fixed toolbar issues (bmo#1584160)\n\n - Fixed issues with LDAP lookup when SSL was enabled\n (bmo#1576364)\n\n - Fixed an issue with scam link confirmation panel\n (bmo#1596413)\n\n - Fixed an issue with the write window where the Link\n Properties dialog was not showing named anchors in\n context menu (bmo#1593629)\n\n - Fixed issues with calendar (bmo#1588516)\n\n - Fixed issues with chat where reordering via\n drag-and-drop was not working on Instant messaging\n status dialog (bmo#1591505)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-68.3.0-lp151.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debuginfo-68.3.0-lp151.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debugsource-68.3.0-lp151.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-common-68.3.0-lp151.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-other-68.3.0-lp151.2.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:33", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14260-1 advisory.\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)\n\n - Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2019-13722)\n\n - The plain text serializer used a fixed-size array for the number of elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17009)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2019:14260-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libfreebl3-32bit", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:libsoftokn3-32bit", "p-cpe:/a:novell:suse_linux:mozilla-nspr", "p-cpe:/a:novell:suse_linux:mozilla-nspr-32bit", "p-cpe:/a:novell:suse_linux:mozilla-nspr-devel", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-32bit", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs-32bit", "p-cpe:/a:novell:suse_linux:mozilla-nss-devel", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150601", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14260-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150601);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-13722\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17009\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14260-1\");\n script_xref(name:\"IAVA\", value:\"2019-A-0438-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2019:14260-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14260-1 advisory.\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-11745)\n\n - Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2019-13722)\n\n - The plain text serializer used a fixed-size array for the number of elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - When running, the updater service wrote status and log files to an unrestricted location; potentially\n allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater\n service. *Note: This attack requires local system access and only affects Windows. Other operating systems\n are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17009)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,\n and Firefox < 71. (CVE-2019-17012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158527\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-December/006283.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7248b61\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17012\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'MozillaFirefox-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libfreebl3-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libfreebl3-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libsoftokn3-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libsoftokn3-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nspr-32bit-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nspr-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nspr-devel-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-certs-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-certs-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-devel-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'mozilla-nss-tools-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-68.3.0-78.54', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libfreebl3-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libfreebl3-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libsoftokn3-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libsoftokn3-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nspr-32bit-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nspr-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nspr-devel-4.23-29.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-certs-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-certs-32bit-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-devel-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'mozilla-nss-tools-3.47.1-38.12', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:03", "description": "This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\n\nSecurity issues fixed :\n\nCVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n\nCVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)\n\nCVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)\n\nCVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)\n\nCVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)\n\nCVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n\nCVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)\n\nCVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3347-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3347-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11745\", \"CVE-2019-13722\", \"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17009\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\n\nSecurity issues fixed :\n\nCVE-2019-17008: Fixed a use-after-free in worker destruction\n(bmo#1546331)\n\nCVE-2019-13722: Fixed a stack corruption due to incorrect number of\narguments in WebRTC code (bmo#1580156)\n\nCVE-2019-11745: Fixed an out of bounds write in NSS when encrypting\nwith a block cipher (bmo#1586176)\n\nCVE-2019-17009: Fixed an issue where updater temporary files\naccessible to unprivileged processes (bmo#1510494)\n\nCVE-2019-17010: Fixed a use-after-free when performing device\norientation checks (bmo#1581084)\n\nCVE-2019-17005: Fixed a buffer overflow in plain text serializer\n(bmo#1584170)\n\nCVE-2019-17011: Fixed a use-after-free when retrieving a document in\nantitracking (bmo#1591334)\n\nCVE-2019-17012: Fixed multiple memmory issues (bmo#1449736,\nbmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760,\nbmo#1592502)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17005/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193347-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?769ae548\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-3347=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-3347=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-3347=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-3347=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-3347=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3347=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-3347=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-3347=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-3347=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-3347=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-3347=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-3347=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-devel-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-68.3.0-109.98.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-68.3.0-109.98.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:28", "description": "The version of Thunderbird installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 68.3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_68_3.NASL", "href": "https://www.tenable.com/plugins/nessus/131956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-38.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131956);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-13722\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17009\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n script_xref(name:\"MFSA\", value:\"2019-38\");\n\n script_name(english:\"Mozilla Thunderbird < 68.3\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 68.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'68.3', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:51", "description": "New mozilla-firefox packages are available for Slackware 14.2 and\n-current to fix security issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : mozilla-firefox (SSA:2019-337-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mozilla-firefox", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-337-01.NASL", "href": "https://www.tenable.com/plugins/nessus/131681", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-337-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131681);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-11745\", \"CVE-2019-13722\", \"CVE-2019-17005\", \"CVE-2019-17008\", \"CVE-2019-17009\", \"CVE-2019-17010\", \"CVE-2019-17011\", \"CVE-2019-17012\");\n script_xref(name:\"SSA\", value:\"2019-337-01\");\n\n script_name(english:\"Slackware 14.2 / current : mozilla-firefox (SSA:2019-337-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-firefox packages are available for Slackware 14.2 and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.408297\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dce2c441\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"mozilla-firefox\", pkgver:\"68.3.0esr\", pkgarch:\"i686\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"68.3.0esr\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-firefox\", pkgver:\"68.3.0esr\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"68.3.0esr\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:52:40", "description": "Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Firefox vulnerabilities (USN-4216-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-11756", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17013", "CVE-2019-17014"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn"], "id": "UBUNTU_USN-4216-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131924", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4216-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131924);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-11756\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17013\",\n \"CVE-2019-17014\"\n );\n script_xref(name:\"USN\", value:\"4216-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Firefox vulnerabilities (USN-4216-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain\nsensitive information, or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4216-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'firefox', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-dev', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-af', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-an', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-as', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-az', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-be', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-br', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-da', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-de', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-el', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-en', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-es', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-et', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-he', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-id', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-is', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-it', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-km', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-my', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-or', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-si', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-te', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-th', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '71.0+build5-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-geckodriver / firefox-locale-af / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:54", "description": "The version of Firefox installed on the remote macOS or Mac OS X host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. \n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2019-17012)\n\n - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak.\n (CVE-2019-17014)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 71.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-11756", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17013", "CVE-2019-17014"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOS_FIREFOX_71_0.NASL", "href": "https://www.tenable.com/plugins/nessus/131772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-36.\n# The text itself is copyright (C) Mozilla Foundation.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131772);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-11756\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17013\",\n \"CVE-2019-17014\"\n );\n script_xref(name:\"MFSA\", value:\"2019-36\");\n\n script_name(english:\"Mozilla Firefox < 71.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote macOS or Mac OS X host is prior to 71.0. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2019-36 advisory. \n\n - When encrypting with a block cipher, if a call to \n NSC_EncryptUpdate was made with data smaller than the block \n size, a small out of bounds write could occur. This could \n have caused heap corruption and a potentially exploitable \n crash. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could \n cause a use-after-free and crash (likely limited to a denial \n of service). (CVE-2019-11756)\n\n - When using nested workers, a use-after-free could occur \n during worker destruction. This resulted in a potentially\n exploitable crash. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist \n Fingerprinting preference during device orientation checks, \n a race condition could have caused a use-after-free and a\n potentially exploitable crash. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from \n a DocShell in the antitracking code, a race condition \n could cause a use-after-free condition and a potentially \n exploitable crash. (CVE-2019-17011)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason \n Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith \n reported memory safety bugs present in Firefox 70 and \n Firefox ESR 68.2. Some of these bugs showed evidence of \n memory corruption and we presume that with enough effort \n some of these could have been exploited to run arbitrary code.\n (CVE-2019-17012)\n\n - Mozilla developers and community members Philipp, Diego \n Calleja, Mikhail Gavrilov, Jason Kratzer, Christian \n Holler, Markus Stange, Tyson Smith reported memory safety \n bugs present in Firefox 70. Some of these bugs showed \n evidence of memory corruption and we presume that with \n enough effort some of these could have been exploited to \n run arbitrary code. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is \n not actually an image), it could be dragged and dropped \n cross-domain, resulting in a cross-origin information leak.\n (CVE-2019-17014)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 71.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:FALSE, fix:'71.0', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:39:10", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4216-2 advisory.\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. (CVE-2019-17014)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4216-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-11756", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17013", "CVE-2019-17014"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols"], "id": "UBUNTU_USN-4216-2.NASL", "href": "https://www.tenable.com/plugins/nessus/183555", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4216-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(183555);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-11756\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17013\",\n \"CVE-2019-17014\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0438-S\");\n script_xref(name:\"USN\", value:\"4216-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4216-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4216-2 advisory.\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited\n to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - The plain text serializer used a fixed-size array for the number of <ol> elements it could process;\n however it was possible to overflow the static-sized array leading to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.\n (CVE-2019-17005)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,\n and Firefox < 71. (CVE-2019-17012)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence\n of memory corruption and we presume that with enough effort some of these could have been exploited to run\n arbitrary code. This vulnerability affects Firefox < 71. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and\n dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox <\n 71. (CVE-2019-17014)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4216-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'firefox', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-dev', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-af', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-an', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-as', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-az', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-be', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-br', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-da', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-de', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-el', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-en', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-es', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-et', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-he', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-id', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-is', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-it', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-km', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-my', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-or', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-si', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-te', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-th', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-geckodriver / firefox-locale-af / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:06:12", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0292 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)\n\n - Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)\n\n - Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)\n\n - Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)\n\n - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2020:0292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17016", "CVE-2019-17017", "CVE-2019-17022", "CVE-2019-17024", "CVE-2019-17026"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-0292.NASL", "href": "https://www.tenable.com/plugins/nessus/133384", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0292. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133384);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17016\",\n \"CVE-2019-17017\",\n \"CVE-2019-17022\",\n \"CVE-2019-17024\",\n \"CVE-2019-17026\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0292\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"IAVA\", value:\"2020-A-0002-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0438-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0007\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2020:0292)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0292 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)\n\n - Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)\n\n - Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)\n\n - Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)\n\n - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789214\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(79, 120, 416, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-68.4.1-2.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-68.4.1-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:16:55", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0295 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)\n\n - Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)\n\n - Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)\n\n - Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)\n\n - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2020:0295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17016", "CVE-2019-17017", "CVE-2019-17022", "CVE-2019-17024", "CVE-2019-17026"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-0295.NASL", "href": "https://www.tenable.com/plugins/nessus/133386", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0295. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133386);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17016\",\n \"CVE-2019-17017\",\n \"CVE-2019-17022\",\n \"CVE-2019-17024\",\n \"CVE-2019-17026\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0295\");\n script_xref(name:\"IAVA\", value:\"2019-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0002-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0007\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:0295)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0295 advisory.\n\n - Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)\n\n - Mozilla: Use-after-free in worker destruction (CVE-2019-17008)\n\n - Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)\n\n - Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)\n\n - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)\n\n - Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)\n\n - Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)\n\n - Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)\n\n - Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)\n\n - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789214\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(79, 120, 416, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-68.4.1-1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-68.4.1-1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:13", "description": "The version of Firefox installed on the remote Windows host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory.\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756)\n\n - When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash.\n Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-13722)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008)\n\n - When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service.\n - Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.\n (CVE-2019-17009)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2019-17012)\n\n - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak.\n (CVE-2019-17014) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 71.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-11756", "CVE-2019-13722", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17009", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17013", "CVE-2019-17014"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_71_0.NASL", "href": "https://www.tenable.com/plugins/nessus/131773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-36.\n# The text itself is copyright (C) Mozilla Foundation.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131773);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-11756\",\n \"CVE-2019-13722\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17009\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17013\",\n \"CVE-2019-17014\"\n );\n script_xref(name:\"MFSA\", value:\"2019-36\");\n\n script_name(english:\"Mozilla Firefox < 71.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior\nto 71.0. It is, therefore, affected by multiple vulnerabilities as\nreferenced in the mfsa2019-36 advisory.\n\n - When encrypting with a block cipher, if a call to \n NSC_EncryptUpdate was made with data smaller than the block \n size, a small out of bounds write could occur. This could \n have caused heap corruption and a potentially exploitable \n crash. (CVE-2019-11745)\n\n - Improper refcounting of soft token session objects could \n cause a use-after-free and crash (likely limited to a denial \n of service). (CVE-2019-11756)\n\n - When setting a thread name on Windows in WebRTC, an \n incorrect number of arguments could have been supplied, \n leading to stack corruption and a potentially exploitable \n crash.\n Note: this issue only occurs on Windows. Other operating \n systems are unaffected. (CVE-2019-13722)\n\n - When using nested workers, a use-after-free could occur \n during worker destruction. This resulted in a potentially\n exploitable crash. (CVE-2019-17008)\n\n - When running, the updater service wrote status and log \n files to an unrestricted location; potentially allowing \n an unprivileged process to locate and exploit a \n vulnerability in file handling in the updater service.\n - Note: This attack requires local system access and only \n affects Windows. Other operating systems are not affected.\n (CVE-2019-17009)\n\n - Under certain conditions, when checking the Resist \n Fingerprinting preference during device orientation checks, \n a race condition could have caused a use-after-free and a\n potentially exploitable crash. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from \n a DocShell in the antitracking code, a race condition \n could cause a use-after-free condition and a potentially \n exploitable crash. (CVE-2019-17011)\n\n - Mozilla developers Christoph Diehl, Nathan Froyd, Jason \n Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith \n reported memory safety bugs present in Firefox 70 and \n Firefox ESR 68.2. Some of these bugs showed evidence of \n memory corruption and we presume that with enough effort \n some of these could have been exploited to run arbitrary code.\n (CVE-2019-17012)\n\n - Mozilla developers and community members Philipp, Diego \n Calleja, Mikhail Gavrilov, Jason Kratzer, Christian \n Holler, Markus Stange, Tyson Smith reported memory safety \n bugs present in Firefox 70. Some of these bugs showed \n evidence of memory corruption and we presume that with \n enough effort some of these could have been exploited to \n run arbitrary code. (CVE-2019-17013)\n\n - If an image had not loaded correctly (such as when it is \n not actually an image), it could be dragged and dropped \n cross-domain, resulting in a cross-origin information leak.\n (CVE-2019-17014)\n \nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 71.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'71.0', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:16:01", "description": "Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026)\n\nIt was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-17T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4241-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11745", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17016", "CVE-2019-17017", "CVE-2019-17022", "CVE-2019-17024", "CVE-2019-17026"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4241-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133040);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2019-11745\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\",\n \"CVE-2019-17016\",\n \"CVE-2019-17017\",\n \"CVE-2019-17022\",\n \"CVE-2019-17024\",\n \"CVE-2019-17026\"\n );\n script_xref(name:\"USN\", value:\"4241-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0007\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4241-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service, conduct cross-site scripting (XSS) attacks, or execute\narbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,\nCVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,\nCVE-2019-17022, CVE-2019-17024, CVE-2019-17026)\n\nIt was discovered that NSS incorrectly handled certain memory\noperations. A remote attacker could potentially exploit this to cause\na denial of service, or execute arbitrary code. (CVE-2019-11745).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4241-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'thunderbird', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:68.4.1+build1-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:07", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use- after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11757)\n\n - Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.\n (CVE-2019-11758)\n\n - If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11762)\n\n - Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11763)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11764)\n\n - An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.\n This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11759)\n\n - A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11760)\n\n - By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11761)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after- free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-20T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11757", "CVE-2019-11758", "CVE-2019-11759", "CVE-2019-11760", "CVE-2019-11761", "CVE-2019-11762", "CVE-2019-11763", "CVE-2019-11764", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0004_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/133080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0004. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133080);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-11757\",\n \"CVE-2019-11758\",\n \"CVE-2019-11759\",\n \"CVE-2019-11760\",\n \"CVE-2019-11761\",\n \"CVE-2019-11762\",\n \"CVE-2019-11763\",\n \"CVE-2019-11764\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - When following the value's prototype chain, it was\n possible to retain a reference to a locale, delete it,\n and subsequently reference it. This resulted in a use-\n after-free and a potentially exploitable crash. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11757)\n\n - Mozilla community member Philipp reported a memory\n safety bug present in Firefox 68 when 360 Total Security\n was installed. This bug showed evidence of memory\n corruption in the accessibility engine and we presume\n that with enough effort that it could be exploited to\n run arbitrary code. This vulnerability affects Firefox <\n 69, Thunderbird < 68.2, and Firefox ESR < 68.2.\n (CVE-2019-11758)\n\n - If two same-origin documents set document.domain\n differently to become cross-origin, it was possible for\n them to call arbitrary DOM methods/getters/setters on\n the now-cross-origin window. This vulnerability affects\n Firefox < 70, Thunderbird < 68.2, and Firefox ESR <\n 68.2. (CVE-2019-11762)\n\n - Failure to correctly handle null bytes when processing\n HTML entities resulted in Firefox incorrectly parsing\n these entities. This could have led to HTML comment text\n being treated as HTML which could have led to XSS in a\n web application under certain conditions. It could have\n also led to HTML entities being masked from filters -\n enabling the use of entities to mask the actual\n characters of interest from filters. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11763)\n\n - Mozilla developers and community members reported memory\n safety bugs present in Firefox 69 and Firefox ESR 68.1.\n Some of these bugs showed evidence of memory corruption\n and we presume that with enough effort some of these\n could be exploited to run arbitrary code. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11764)\n\n - An attacker could have caused 4 bytes of HMAC output to\n be written past the end of a buffer stored on the stack.\n This could be used by an attacker to execute arbitrary\n code or more likely lead to a crash. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11759)\n\n - A fixed-size stack buffer could overflow in nrappkit\n when doing WebRTC signaling. This resulted in a\n potentially exploitable crash in some instances. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11760)\n\n - By using a form with a data URI it was possible to gain\n access to the privileged JSONView object that had been\n cloned into content. Impact from exposing this object\n appears to be minimal, however it was a bypass of\n existing defense in depth mechanisms. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11761)\n\n - Under certain conditions, when checking the Resist\n Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-\n free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR <\n 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document\n from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a\n potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present\n in Firefox 70 and Firefox ESR 68.2. Some of these bugs\n showed evidence of memory corruption and we presume that\n with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17012)\n\n - When using nested workers, a use-after-free could occur\n during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - The plain text serializer used a fixed-size array for\n the number of elements it could process; however it\n was possible to overflow the static-sized array leading\n to memory corruption and a potentially exploitable\n crash. This vulnerability affects Thunderbird < 68.3,\n Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0004\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"firefox-68.3.0-1.el7.centos\",\n \"firefox-debuginfo-68.3.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.05\": [\n \"firefox-68.3.0-1.el7.centos\",\n \"firefox-debuginfo-68.3.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:14:07", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities:\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.\n (CVE-2019-15903)\n\n - When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use- after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11757)\n\n - Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.\n (CVE-2019-11758)\n\n - If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11762)\n\n - Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11763)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11764)\n\n - An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.\n This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11759)\n\n - A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11760)\n\n - By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. (CVE-2019-11761)\n\n - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after- free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)\n\n - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)\n\n - The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-20T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11757", "CVE-2019-11758", "CVE-2019-11759", "CVE-2019-11760", "CVE-2019-11761", "CVE-2019-11762", "CVE-2019-11763", "CVE-2019-11764", "CVE-2019-15903", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0003_THUNDERBIRD.NASL", "href": "https://www.tenable.com/plugins/nessus/133071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0003. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133071);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-11757\",\n \"CVE-2019-11758\",\n \"CVE-2019-11759\",\n \"CVE-2019-11760\",\n \"CVE-2019-11761\",\n \"CVE-2019-11762\",\n \"CVE-2019-11763\",\n \"CVE-2019-11764\",\n \"CVE-2019-15903\",\n \"CVE-2019-17005\",\n \"CVE-2019-17008\",\n \"CVE-2019-17010\",\n \"CVE-2019-17011\",\n \"CVE-2019-17012\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are\naffected by multiple vulnerabilities:\n\n - In libexpat before 2.2.8, crafted XML input could fool\n the parser into changing from DTD parsing to document\n parsing too early; a consecutive call to\n XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read.\n (CVE-2019-15903)\n\n - When following the value's prototype chain, it was\n possible to retain a reference to a locale, delete it,\n and subsequently reference it. This resulted in a use-\n after-free and a potentially exploitable crash. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11757)\n\n - Mozilla community member Philipp reported a memory\n safety bug present in Firefox 68 when 360 Total Security\n was installed. This bug showed evidence of memory\n corruption in the accessibility engine and we presume\n that with enough effort that it could be exploited to\n run arbitrary code. This vulnerability affects Firefox <\n 69, Thunderbird < 68.2, and Firefox ESR < 68.2.\n (CVE-2019-11758)\n\n - If two same-origin documents set document.domain\n differently to become cross-origin, it was possible for\n them to call arbitrary DOM methods/getters/setters on\n the now-cross-origin window. This vulnerability affects\n Firefox < 70, Thunderbird < 68.2, and Firefox ESR <\n 68.2. (CVE-2019-11762)\n\n - Failure to correctly handle null bytes when processing\n HTML entities resulted in Firefox incorrectly parsing\n these entities. This could have led to HTML comment text\n being treated as HTML which could have led to XSS in a\n web application under certain conditions. It could have\n also led to HTML entities being masked from filters -\n enabling the use of entities to mask the actual\n characters of interest from filters. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11763)\n\n - Mozilla developers and community members reported memory\n safety bugs present in Firefox 69 and Firefox ESR 68.1.\n Some of these bugs showed evidence of memory corruption\n and we presume that with enough effort some of these\n could be exploited to run arbitrary code. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11764)\n\n - An attacker could have caused 4 bytes of HMAC output to\n be written past the end of a buffer stored on the stack.\n This could be used by an attacker to execute arbitrary\n code or more likely lead to a crash. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11759)\n\n - A fixed-size stack buffer could overflow in nrappkit\n when doing WebRTC signaling. This resulted in a\n potentially exploitable crash in some instances. This\n vulnerability affects Firefox < 70, Thunderbird < 68.2,\n and Firefox ESR < 68.2. (CVE-2019-11760)\n\n - By using a form with a data URI it was possible to gain\n access to the privileged JSONView object that had been\n cloned into content. Impact from exposing this object\n appears to be minimal, however it was a bypass of\n existing defense in depth mechanisms. This vulnerability\n affects Firefox < 70, Thunderbird < 68.2, and Firefox\n ESR < 68.2. (CVE-2019-11761)\n\n - Under certain conditions, when checking the Resist\n Fingerprinting preference during device orientation\n checks, a race condition could have caused a use-after-\n free and a potentially exploitable crash. This\n vulnerability affects Thunderbird < 68.3, Firefox ESR <\n 68.3, and Firefox < 71. (CVE-2019-17010)\n\n - Under certain conditions, when retrieving a document\n from a DocShell in the antitracking code, a race\n condition could cause a use-after-free condition and a\n potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17011)\n\n - Mozilla developers reported memory safety bugs present\n in Firefox 70 and Firefox ESR 68.2. Some of these bugs\n showed evidence of memory corruption and we presume that\n with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17012)\n\n - When using nested workers, a use-after-free could occur\n during worker destruction. This resulted in a\n potentially exploitable crash. This vulnerability\n affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-17008)\n\n - The plain text serializer used a fixed-size array for\n the number of elements it could process; however it\n was possible to overflow the static-sized array leading\n to memory corruption and a potentially exploitable\n crash. This vulnerability affects Thunderbird < 68.3,\n Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL thunderbird packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"thunderbird-68.3.0-1.el7.centos\",\n \"thunderbird-debuginfo-68.3.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.05\": [\n \"thunderbird-68.3.0-1.el7.centos\",\n \"thunderbird-debuginfo-68.3.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:55:22", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 52.0.1. It is, therefore, affected by an integer overflow condition in the nsGlobalWindow::CreateImageBitmap() function within file dom/base/nsGlobalWindow.cpp due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 52.0.1 CreateImageBitmap RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_52_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/99125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99125);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_xref(name:\"MFSA\", value:\"2017-08\");\n\n script_name(english:\"Mozilla Firefox < 52.0.1 CreateImageBitmap RCE\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\na remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host is\nprior to 52.0.1. It is, therefore, affected by an integer overflow\ncondition in the nsGlobalWindow::CreateImageBitmap() function within\nfile dom/base/nsGlobalWindow.cpp due to improper validation of certain\ninput. An unauthenticated, remote attacker can exploit this to corrupt\nmemory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 52.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', fix:'52.0.1', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:58:10", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : firefox (VZLSA-2017-0558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:firefox", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/101439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101439);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5428\"\n );\n\n script_name(english:\"Virtuozzo 7 : firefox (VZLSA-2017-0558)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0558.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de10e00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0558\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.0-5.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:00", "description": "Mozilla Firefox was updated to 52.0.1 to fix one security issue :\n\n - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822, MFSA 2017-08)", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Mozilla Firefox (openSUSE-2017-368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo", "p-cpe:/a:novell:opensuse:mozillafirefox-debugsource", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-368.NASL", "href": "https://www.tenable.com/plugins/nessus/97843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-368.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97843);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5428\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Firefox (openSUSE-2017-368)\");\n script_summary(english:\"Check for the openSUSE-2017-368 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 52.0.1 to fix one security issue :\n\n - CVE-2017-5428: integer overflow in createImageBitmap()\n (boo#1029822, MFSA 2017-08)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029822\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-upstream-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-other-52.0.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-branding-upstream-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-buildsymbols-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debuginfo-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debugsource-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-devel-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-common-52.0.1-57.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-other-52.0.1-57.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:01", "description": "From Red Hat Security Advisory 2017:0558 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporters.", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : firefox (ELSA-2017-0558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/97820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0558 and \n# Oracle Linux Security Advisory ELSA-2017-0558 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97820);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_xref(name:\"RHSA\", value:\"2017:0558\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2017-0558)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:0558 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006787.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-52.0-5.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:17", "description": "An integer overflow was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code. (CVE-2017-5428).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerability (USN-3238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3238-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97855);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_xref(name:\"USN\", value:\"3238-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerability (USN-3238-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An integer overflow was discovered in Firefox. If a user were tricked\nin to opening a specially crafted website, an attacker could exploit\nthis to cause a denial of service via application crash or execute\narbitrary code. (CVE-2017-5428).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3238-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:f
firefox security update
