ID RHSA-2005:789 Type redhat Reporter RedHat Modified 2018-03-14T19:27:09
Description
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
A bug was found in the way Mozilla processes XBM image files. If a user
views a specially crafted XBM file, it becomes possible to execute
arbitrary code as the user running Mozilla. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to
this issue.
A bug was found in the way Mozilla processes certain Unicode
sequences. It may be possible to execute arbitrary code as the user running
Mozilla, if the user views a specially crafted Unicode sequence.
(CAN-2005-2702)
A bug was found in the way Mozilla makes XMLHttp requests. It is possible
that a malicious web page could leverage this flaw to exploit other proxy
or server flaws from the victim's machine. It is also possible that this
flaw could be leveraged to send XMLHttp requests to hosts other than the
originator; the default behavior of the browser is to disallow this.
(CAN-2005-2703)
A bug was found in the way Mozilla implemented its XBL interface. It may be
possible for a malicious web page to create an XBL binding in a way
that would allow arbitrary JavaScript execution with chrome permissions.
Please note that in Mozilla 1.7.10 this issue is not directly exploitable
and would need to leverage other unknown exploits. (CAN-2005-2704)
An integer overflow bug was found in Mozilla's JavaScript engine. Under
favorable conditions, it may be possible for a malicious web page to
execute arbitrary code as the user running Mozilla. (CAN-2005-2705)
A bug was found in the way Mozilla displays about: pages. It is possible
for a malicious web page to open an about: page, such as about:mozilla, in
such a way that it becomes possible to execute JavaScript with chrome
privileges. (CAN-2005-2706)
A bug was found in the way Mozilla opens new windows. It is possible for a
malicious web site to construct a new window without any user interface
components, such as the address bar and the status bar. This window could
then be used to mislead the user for malicious purposes. (CAN-2005-2707)
Users of Mozilla are advised to upgrade to this updated package that
contains Mozilla version 1.7.12 and is not vulnerable to these issues.
{"id": "RHSA-2005:789", "hash": "d991c249d9e07c7dcf0a6f212d1eae6f", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2018-03-14T19:27:09", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707"], "lastseen": "2019-05-29T14:35:23", "history": [{"bulletin": {"id": "RHSA-2005:789", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2015-04-24T14:19:16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2707", "CVE-2005-2705", "CVE-2005-3089", "CVE-2005-2706", "CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2704", "CVE-2005-2703"], "lastseen": "2016-09-04T11:17:46", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.src.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.src.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ia64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390x.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.x86_64.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.i386.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "i386"}]}, "lastseen": "2016-09-04T11:17:46", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2005:789", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2017-07-29T20:31:23", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-3089"], "lastseen": "2017-08-02T22:57:54", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-08-02T22:57:54", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2005:789", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2017-09-08T11:55:06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-3089"], "lastseen": "2017-09-09T07:19:35", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "modified": "2017-09-09T07:19:35"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:19:35", "differentElements": ["affectedPackage", "modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2005:789", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2018-01-24T21:59:06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-3089"], "lastseen": "2018-01-25T02:03:36", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "modified": "2018-01-25T02:03:36"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-01-25T02:03:36", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "RHSA-2005:789", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2018-02-18T04:33:56", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-3089"], "lastseen": "2018-02-18T08:25:13", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.5, "modified": "2018-02-18T08:25:13", "vector": "AV:L/AC:L/Au:M/C:C/I:C/A:C/"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-02-18T08:25:13", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "RHSA-2005:789", "hash": "4459bc1065e9c60f0de3c9a54e23a946", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2018-03-14T19:27:09", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-3089"], "lastseen": "2018-03-28T01:01:04", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.2.14-1.2.7", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.2.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.2.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.12-1.4.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "0.9.2-2.4.7", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.4.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.12-1.1.3.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.12-1.1.3.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.12-1.1.3.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.12-1.4.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.1.3.2", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.7.12-1.4.1", "packageName": "mozilla", "packageFilename": "mozilla-1.7.12-1.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-03-28T01:01:04", "differentElements": ["affectedPackage", "cvelist"], "edition": 6}, {"bulletin": {"id": "RHSA-2005:789", "hash": "f7f7a921a18174e273e7efefbe6b1178", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:789) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.", "published": "2005-09-22T04:00:00", "modified": "2018-03-14T19:27:09", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:789", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707"], "lastseen": "2018-12-11T17:45:59", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:65289", "OPENVAS:55419", "OPENVAS:136141256231065289", "OPENVAS:55716", "OPENVAS:55711", "OPENVAS:55515"]}, {"type": "centos", "idList": ["CESA-2005:789", "CESA-2005:785", "CESA-2005:789-01", "CESA-2005:791"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_8F5DD74B2C6111DAA2630001020EED82.NASL", "MANDRAKE_MDKSA-2005-170.NASL", "MOZILLA_1711.NASL", "REDHAT-RHSA-2005-785.NASL", "UBUNTU_USN-186-1.NASL", "DEBIAN_DSA-838.NASL", "CENTOS_RHSA-2005-789.NASL", "MANDRAKE_MDKSA-2005-169.NASL", "CENTOS_RHSA-2005-785.NASL", "DEBIAN_DSA-868.NASL"]}, {"type": "ubuntu", "idList": ["USN-200-1"]}, {"type": "freebsd", "idList": ["8F5DD74B-2C61-11DA-A263-0001020EED82"]}, {"type": "redhat", "idList": ["RHSA-2005:785", "RHSA-2005:791"]}, {"type": "suse", "idList": ["SUSE-SA:2005:058", "SUSE-SA:2006:022", "SUSE-SA:2006:004"]}, {"type": "gentoo", "idList": ["GLSA-200509-11"]}, {"type": "debian", "idList": ["DEBIAN:DSA-866-1:69D52", "DEBIAN:DSA-838-1:0150B", "DEBIAN:DSA-868-1:0F895"]}, {"type": "cve", "idList": ["CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2705", "CVE-2005-2704", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-2703"]}, {"type": "osvdb", "idList": ["OSVDB:19646", "OSVDB:19649", "OSVDB:19643", "OSVDB:19644", "OSVDB:19647", "OSVDB:19645", "OSVDB:19648"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9790"]}], "modified": "2018-12-11T17:45:59"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "s390", "packageName": "mozilla-chat", "packageVersion": "1.7.12-1.1.3.2", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:45:59", "differentElements": ["cvss"], "edition": 7}], "viewCount": 0, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2019-05-29T14:35:23"}, "dependencies": {"references": [{"type": "nessus", "idList": ["MANDRAKE_MDKSA-2005-169.NASL", "GENTOO_GLSA-200509-11.NASL", "DEBIAN_DSA-838.NASL", "REDHAT-RHSA-2005-785.NASL", "MOZILLA_1711.NASL", "DEBIAN_DSA-866.NASL", "UBUNTU_USN-200-1.NASL", "CENTOS_RHSA-2005-785.NASL", "CENTOS_RHSA-2005-789.NASL", "FREEBSD_PKG_8F5DD74B2C6111DAA2630001020EED82.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:55711", "OPENVAS:55716", "OPENVAS:55515", "OPENVAS:65289", "OPENVAS:55419", "OPENVAS:136141256231065289"]}, {"type": "centos", "idList": ["CESA-2005:789", "CESA-2005:789-01", "CESA-2005:785", "CESA-2005:791"]}, {"type": "debian", "idList": ["DEBIAN:DSA-868-1:0F895", "DEBIAN:DSA-838-1:0150B", "DEBIAN:DSA-866-1:69D52"]}, {"type": "ubuntu", "idList": ["USN-200-1"]}, {"type": "suse", "idList": ["SUSE-SA:2005:058", "SUSE-SA:2006:022", "SUSE-SA:2006:004"]}, {"type": "gentoo", "idList": ["GLSA-200509-11"]}, {"type": "redhat", "idList": ["RHSA-2005:785", "RHSA-2005:791"]}, {"type": "freebsd", "idList": ["8F5DD74B-2C61-11DA-A263-0001020EED82"]}, {"type": "cve", "idList": ["CVE-2005-2702", "CVE-2005-2701", "CVE-2005-2707", "CVE-2005-2703", "CVE-2005-2705", "CVE-2005-2704", "CVE-2005-2706"]}, {"type": "osvdb", "idList": ["OSVDB:19643", "OSVDB:19644", "OSVDB:19646", "OSVDB:19649", "OSVDB:19648", "OSVDB:19647", "OSVDB:19645"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9790"]}], "modified": "2019-05-29T14:35:23"}, "vulnersScore": 8.3}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "s390", "packageName": "mozilla-chat", "packageVersion": "1.7.12-1.1.3.2", "packageFilename": "mozilla-chat-1.7.12-1.1.3.2.s390.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}
{"nessus": [{"lastseen": "2019-02-21T01:08:48", "bulletinFamily": "scanner", "description": "A number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12 :\n\nA bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701).\n\nA bug in the way Mozilla handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702).\n\nA bug in the way Mozilla makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703).\n\nA bug in the way Mozilla implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704).\n\nAn integer overflow in Mozilla's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705).\n\nA bug in the way Mozilla displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706).\n\nA bug in the way Mozilla opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707).\n\nTom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non- wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user's computer (CVE-2005-2871).\n\nThe updated packages have been patched to address these issues and all users are urged to upgrade immediately.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2005-170.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19923", "published": "2005-10-05T00:00:00", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:170. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19923);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2871\");\n script_xref(name:\"MDKSA\", value:\"2005:170\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been discovered in Mozilla that have\nbeen corrected in version 1.7.12 :\n\nA bug in the way Mozilla processes XBM images could be used to execute\narbitrary code via a specially crafted XBM image file (CVE-2005-2701).\n\nA bug in the way Mozilla handles certain Unicode sequences could be\nused to execute arbitrary code via viewing a specially crafted Unicode\nsequence (CVE-2005-2702).\n\nA bug in the way Mozilla makes XMLHttp requests could be abused by a\nmalicious web page to exploit other proxy or server flaws from the\nvictim's machine; however, the default behaviour of the browser is to\ndisallow this (CVE-2005-2703).\n\nA bug in the way Mozilla implemented its XBL interface could be abused\nby a malicious web page to create an XBL binding in such a way as to\nallow arbitrary JavaScript execution with chrome permissions\n(CVE-2005-2704).\n\nAn integer overflow in Mozilla's JavaScript engine could be\nmanipulated in certain conditions to allow a malicious web page to\nexecute arbitrary code (CVE-2005-2705).\n\nA bug in the way Mozilla displays about: pages could be used to\nexecute JavaScript with chrome privileges (CVE-2005-2706).\n\nA bug in the way Mozilla opens new windows could be used by a\nmalicious web page to construct a new window without any user\ninterface elements (such as address bar and status bar) that could be\nused to potentially mislead the user (CVE-2005-2707).\n\nTom Ferris reported that Firefox would crash when processing a domain\nname consisting solely of soft-hyphen characters due to a heap\noverflow when IDN processing results in an empty string after removing\nnon- wrapping chracters, such as soft-hyphens. This could be exploited\nto run or or install malware on the user's computer (CVE-2005-2871).\n\nThe updated packages have been patched to address these issues and all\nusers are urged to upgrade immediately.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/mfsa2005-57.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/mfsa2005-58.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64nspr4-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64nspr4-devel-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64nss3-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64nss3-devel-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libnspr4-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libnspr4-devel-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libnss3-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libnss3-devel-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-devel-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-dom-inspector-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-enigmail-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-enigmime-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-irc-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-js-debugger-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-mail-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"mozilla-spellchecker-1.7.8-0.3.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:56", "bulletinFamily": "scanner", "description": "Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968, MFSA-2005-59)\n\nA buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges.\n(MFSA-2005-58)\n\nMats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained 'zero-width non-joiner' characters caused a browser crash, which could possibly even exploited to execute arbitrary code with the user's privileges. (MFSA-2005-58)\n\nGeorgi Guninski reported an integer overflow in the JavaScript engine.\nThis could be exploited to run arbitrary code under some conditions.\n(MFSA-2005-58)\n\nThis update also fixes some less critical issues which are described at http://www.mozilla.org/security/announce/mfsa2005-58.html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-08-15T00:00:00", "id": "UBUNTU_USN-186-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20597", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-186-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20597);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/15 16:35:43\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2968\");\n script_xref(name:\"USN\", value:\"186-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Zelezny discovered that URLs which are passed to Firefox or\nMozilla on the command line are not correctly protected against\ninterpretation by the shell. If Firefox or Mozilla is configured as\nthe default handler for URLs (which is the default in Ubuntu), this\ncould be exploited to execute arbitrary code with user privileges by\ntricking the user into clicking on a specially crafted URL (for\nexample, in an email or chat client). (CAN-2005-2968, MFSA-2005-59)\n\nA buffer overflow was discovered in the XBM image handler. By tricking\nan user into opening a specially crafted XBM image, an attacker could\nexploit this to execute arbitrary code with the user's privileges.\n(MFSA-2005-58)\n\nMats Palmgren discovered a buffer overflow in the Unicode string\nparser. Unicode strings that contained 'zero-width non-joiner'\ncharacters caused a browser crash, which could possibly even exploited\nto execute arbitrary code with the user's privileges. (MFSA-2005-58)\n\nGeorgi Guninski reported an integer overflow in the JavaScript engine.\nThis could be exploited to run arbitrary code under some conditions.\n(MFSA-2005-58)\n\nThis update also fixes some less critical issues which are described\nat http://www.mozilla.org/security/announce/mfsa2005-58.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-chatzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-mailnews\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-psm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libnspr-dev\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libnspr4\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libnss-dev\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libnss3\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-browser\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-calendar\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-chatzilla\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-dev\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-dom-inspector\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-js-debugger\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-mailnews\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-psm\", pkgver:\"1.7.12-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libnspr-dev\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libnspr4\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libnss-dev\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libnss3\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-browser\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-calendar\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-chatzilla\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-dev\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-dom-inspector\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-firefox\", pkgver:\"1.0.7-0ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.0.7-0ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"1.0.7-0ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"1.0.7-0ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-js-debugger\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-mailnews\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-psm\", pkgver:\"1.7.12-0ubuntu05.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnspr-dev / libnspr4 / libnss-dev / libnss3 / mozilla / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:57", "bulletinFamily": "scanner", "description": "A buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges.\n(CAN-2005-2701)\n\nMats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained 'zero-width non-joiner' characters caused a browser crash, which could possibly even exploited to execute arbitrary code with the user's privileges. (CAN-2005-2702)\n\nGeorgi Guninski reported an integer overflow in the JavaScript engine.\nThis could be exploited to run arbitrary code under some conditions.\n(CAN-2005-2705)\n\nPeter Zelezny discovered that URLs which are passed to Thunderbird on the command line are not correctly protected against interpretation by the shell. If Thunderbird is configured as the default handler for 'mailto:' URLs, this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968)\n\nThis update also fixes some less critical issues which are described at http://www.mozilla.org/security/announce/mfsa2005-58.html.\n(CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)\n\nThe 'enigmail' plugin has been updated to work with the new Thunderbird and Mozilla versions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-08-15T00:00:00", "id": "UBUNTU_USN-200-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20616", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-200-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20616);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/15 16:35:43\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2968\");\n script_xref(name:\"USN\", value:\"200-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in the XBM image handler. By tricking\nan user into opening a specially crafted XBM image, an attacker could\nexploit this to execute arbitrary code with the user's privileges.\n(CAN-2005-2701)\n\nMats Palmgren discovered a buffer overflow in the Unicode string\nparser. Unicode strings that contained 'zero-width non-joiner'\ncharacters caused a browser crash, which could possibly even exploited\nto execute arbitrary code with the user's privileges. (CAN-2005-2702)\n\nGeorgi Guninski reported an integer overflow in the JavaScript engine.\nThis could be exploited to run arbitrary code under some conditions.\n(CAN-2005-2705)\n\nPeter Zelezny discovered that URLs which are passed to Thunderbird on\nthe command line are not correctly protected against interpretation by\nthe shell. If Thunderbird is configured as the default handler for\n'mailto:' URLs, this could be exploited to execute arbitrary code with\nuser privileges by tricking the user into clicking on a specially\ncrafted URL (for example, in an email or chat client). (CAN-2005-2968)\n\nThis update also fixes some less critical issues which are described\nat http://www.mozilla.org/security/announce/mfsa2005-58.html.\n(CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)\n\nThe 'enigmail' plugin has been updated to work with the new\nThunderbird and Mozilla versions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-offline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-enigmail\", pkgver:\"0.92-1ubuntu04.10.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.0.7-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.0.7-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird-enigmail\", pkgver:\"0.92-1ubuntu04.10.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.0.7-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird-offline\", pkgver:\"1.0.7-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.0.7-0ubuntu04.10\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-enigmail\", pkgver:\"0.92-1ubuntu05.04.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.0.7-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.0.7-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-enigmail\", pkgver:\"0.92-1ubuntu05.04.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.0.7-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-offline\", pkgver:\"1.0.7-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.0.7-0ubuntu05.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-enigmail / mozilla-thunderbird / mozilla-thunderbird-dev / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:47", "bulletinFamily": "scanner", "description": "An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nA bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue.\n\nA bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702)\n\nA bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of the browser is to disallow this. (CVE-2005-2703)\n\nA bug was found in the way Firefox implemented its XBL interface. It may be possible for a malicious web page to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Firefox 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits.\n(CVE-2005-2704)\n\nAn integer overflow bug was found in Firefox's JavaScript engine.\nUnder favorable conditions, it may be possible for a malicious web page to execute arbitrary code as the user running Firefox.\n(CVE-2005-2705)\n\nA bug was found in the way Firefox displays about: pages. It is possible for a malicious web page to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706)\n\nA bug was found in the way Firefox opens new windows. It is possible for a malicious website to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes.\n(CVE-2005-2707)\n\nA bug was found in the way Firefox processes URLs passed to it on the command line. If a user passes a malformed URL to Firefox, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Firefox.\n(CVE-2005-2968)\n\nUsers of Firefox are advised to upgrade to this updated package that contains Firefox version 1.0.7 and is not vulnerable to these issues.", "modified": "2018-11-15T00:00:00", "id": "REDHAT-RHSA-2005-785.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19835", "published": "2005-10-05T00:00:00", "title": "RHEL 4 : firefox (RHSA-2005:785)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:785. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19835);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 11:40:30\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2968\", \"CVE-2005-3089\");\n script_xref(name:\"RHSA\", value:\"2005:785\");\n\n script_name(english:\"RHEL 4 : firefox (RHSA-2005:785)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes several security bugs is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nA bug was found in the way Firefox processes XBM image files. If a\nuser views a specially crafted XBM file, it becomes possible to\nexecute arbitrary code as the user running Firefox. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2701 to this issue.\n\nA bug was found in the way Firefox processes certain Unicode\nsequences. It may be possible to execute arbitrary code as the user\nrunning Firefox if the user views a specially crafted Unicode\nsequence. (CVE-2005-2702)\n\nA bug was found in the way Firefox makes XMLHttp requests. It is\npossible that a malicious web page could leverage this flaw to exploit\nother proxy or server flaws from the victim's machine. It is also\npossible that this flaw could be leveraged to send XMLHttp requests to\nhosts other than the originator; the default behavior of the browser\nis to disallow this. (CVE-2005-2703)\n\nA bug was found in the way Firefox implemented its XBL interface. It\nmay be possible for a malicious web page to create an XBL binding in\nsuch a way that would allow arbitrary JavaScript execution with chrome\npermissions. Please note that in Firefox 1.0.6 this issue is not\ndirectly exploitable and will need to leverage other unknown exploits.\n(CVE-2005-2704)\n\nAn integer overflow bug was found in Firefox's JavaScript engine.\nUnder favorable conditions, it may be possible for a malicious web\npage to execute arbitrary code as the user running Firefox.\n(CVE-2005-2705)\n\nA bug was found in the way Firefox displays about: pages. It is\npossible for a malicious web page to open an about: page, such as\nabout:mozilla, in such a way that it becomes possible to execute\nJavaScript with chrome privileges. (CVE-2005-2706)\n\nA bug was found in the way Firefox opens new windows. It is possible\nfor a malicious website to construct a new window without any user\ninterface components, such as the address bar and the status bar. This\nwindow could then be used to mislead the user for malicious purposes.\n(CVE-2005-2707)\n\nA bug was found in the way Firefox processes URLs passed to it on the\ncommand line. If a user passes a malformed URL to Firefox, such as\nclicking on a link in an instant messaging program, it is possible to\nexecute arbitrary commands as the user running Firefox.\n(CVE-2005-2968)\n\nUsers of Firefox are advised to upgrade to this updated package that\ncontains Firefox version 1.0.7 and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:785\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:785\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.0.7-1.4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:46", "bulletinFamily": "scanner", "description": "The installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_1711.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19718", "published": "2005-09-17T00:00:00", "title": "Mozilla Browser < 1.7.12 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19718);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2005-2602\", \n \"CVE-2005-2701\", \n \"CVE-2005-2702\", \n \"CVE-2005-2703\",\n \"CVE-2005-2704\", \n \"CVE-2005-2705\", \n \"CVE-2005-2706\", \n \"CVE-2005-2707\"\n );\n script_bugtraq_id(\n 14526, \n 14916, \n 14917, \n 14918, \n 14919, \n 14920, \n 14921, \n 14923\n );\n\n script_name(english:\"Mozilla Browser < 1.7.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for Mozilla browser < 1.7.12\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser on the remote host is affected by multiple\nvulnerabilities, including arbitrary code execution.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Mozilla contains various security issues,\nseveral of which are critical as they can be easily exploited to\nexecute arbitrary shell code on the remote host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://security-protocols.com/advisory/sp-x17-advisory.txt\");\n # http://web.archive.org/web/20100329062735/http://www.mozilla.org/security/idn.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11c09cbe\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla 1.7.12 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2005/09/22\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:mozilla_suite\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"misc_func.inc\");\n\n\nver = read_version_in_kb(\"Mozilla/Version\");\nif (isnull(ver)) exit(0);\n\nif (\n ver[0] < 1 ||\n (\n ver[0] == 1 &&\n (\n ver[1] < 7 ||\n (ver[1] == 7 && ver[2] < 12)\n )\n )\n) security_hole(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:47", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200509-11 (Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities)\n\n The Mozilla Suite and Firefox are both vulnerable to the following issues:\n Tom Ferris reported a heap overflow in IDN-enabled browsers with malicious Host: headers (CAN-2005-2871).\n 'jackerror' discovered a heap overrun in XBM image processing (CAN-2005-2701).\n Mats Palmgren reported a potentially exploitable stack corruption using specific Unicode sequences (CAN-2005-2702).\n Georgi Guninski discovered an integer overflow in the JavaScript engine (CAN-2005-2705) Other issues ranging from DOM object spoofing to request header spoofing were also found and fixed in the latest versions (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).\n The Gecko engine in itself is also affected by some of these issues and has been updated as well.\n Impact :\n\n A remote attacker could setup a malicious site and entice a victim to visit it, potentially resulting in arbitrary code execution with the victim's privileges or facilitated spoofing of known websites.\n Workaround :\n\n There is no known workaround for all the issues.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200509-11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19810", "published": "2005-10-05T00:00:00", "title": "GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200509-11.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19810);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2871\");\n script_xref(name:\"GLSA\", value:\"200509-11\");\n\n script_name(english:\"GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200509-11\n(Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities)\n\n The Mozilla Suite and Firefox are both vulnerable to the following\n issues:\n Tom Ferris reported a heap overflow in IDN-enabled browsers with\n malicious Host: headers (CAN-2005-2871).\n 'jackerror' discovered a heap overrun in XBM image processing\n (CAN-2005-2701).\n Mats Palmgren reported a potentially exploitable stack corruption\n using specific Unicode sequences (CAN-2005-2702).\n Georgi Guninski discovered an integer overflow in the JavaScript\n engine (CAN-2005-2705)\n Other issues ranging from DOM object spoofing to request header\n spoofing were also found and fixed in the latest versions\n (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).\n The Gecko engine in itself is also affected by some of these issues and\n has been updated as well.\n \nImpact :\n\n A remote attacker could setup a malicious site and entice a victim to\n visit it, potentially resulting in arbitrary code execution with the\n victim's privileges or facilitated spoofing of known websites.\n \nWorkaround :\n\n There is no known workaround for all the issues.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200509-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.7-r2'\n All Mozilla Suite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.12-r2'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.7'\n All Mozilla Suite binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.12'\n All Gecko library users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gecko-sdk-1.7.12'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gecko-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/gecko-sdk\", unaffected:make_list(\"ge 1.7.12\"), vulnerable:make_list(\"lt 1.7.12\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 1.0.7\"), vulnerable:make_list(\"lt 1.0.7\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla\", unaffected:make_list(\"ge 1.7.12-r2\"), vulnerable:make_list(\"lt 1.7.12-r2\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-bin\", unaffected:make_list(\"ge 1.7.12\"), vulnerable:make_list(\"lt 1.7.12\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 1.0.7-r2\"), vulnerable:make_list(\"lt 1.0.7-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Suite / Mozilla Firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:49", "bulletinFamily": "scanner", "description": "Several security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.\n\n - CAN-2005-2701\n\n A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.\n\n - CAN-2005-2702\n\n Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed.\n\n - CAN-2005-2703\n\n Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies.\n\n - CAN-2005-2704\n\n Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface.\n\n - CAN-2005-2705\n\n Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code.\n\n - CAN-2005-2706\n\n Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla.\n\n - CAN-2005-2707\n\n Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks.\n\n - CAN-2005-2968\n\n Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-866.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20063", "published": "2005-10-20T00:00:00", "title": "Debian DSA-866-1 : mozilla - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-866. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20063);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2871\", \"CVE-2005-2968\");\n script_xref(name:\"DSA\", value:\"866\");\n\n script_name(english:\"Debian DSA-866-1 : mozilla - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security-related problems have been discovered in Mozilla and\nderived programs. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CAN-2005-2871\n Tom Ferris discovered a bug in the IDN hostname handling\n of Mozilla that allows remote attackers to cause a\n denial of service and possibly execute arbitrary code\n via a hostname with dashes.\n\n - CAN-2005-2701\n\n A buffer overflow allows remote attackers to execute\n arbitrary code via an XBM image file that ends in a\n large number of spaces instead of the expected end tag.\n\n - CAN-2005-2702\n\n Mats Palmgren discovered a buffer overflow in the\n Unicode string parser that allows a specially crafted\n Unicode sequence to overflow a buffer and cause\n arbitrary code to be executed.\n\n - CAN-2005-2703\n\n Remote attackers could spoof HTTP headers of XML HTTP\n requests via XMLHttpRequest and possibly use the client\n to exploit vulnerabilities in servers or proxies.\n\n - CAN-2005-2704\n\n Remote attackers could spoof DOM objects via an XBL\n control that implements an internal XPCOM interface.\n\n - CAN-2005-2705\n\n Georgi Guninski discovered an integer overflow in the\n JavaScript engine that might allow remote attackers to\n execute arbitrary code.\n\n - CAN-2005-2706\n\n Remote attackers could execute JavaScript code with\n chrome privileges via an about: page such as\n about:mozilla.\n\n - CAN-2005-2707\n\n Remote attackers could spawn windows without user\n interface components such as the address and status bar\n that could be used to conduct spoofing or phishing\n attacks.\n\n - CAN-2005-2968\n\n Peter Zelezny discovered that shell metacharacters are\n not properly escaped when they are passed to a shell\n script and allow the execution of arbitrary commands,\n e.g. when a malicious URL is automatically copied from\n another program into Mozilla as default browser.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-866\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mozilla package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libnspr-dev\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnspr4\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnss-dev\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnss3\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-browser\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-calendar\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-chatzilla\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-dev\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-dom-inspector\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-js-debugger\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-mailnews\", reference:\"1.7.8-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-psm\", reference:\"1.7.8-1sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:47", "bulletinFamily": "scanner", "description": "Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources.\n\n - CAN-2005-2701 Heap overrun in XBM image processing\n\n - CAN-2005-2702\n\n Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with 'zero-width non-joiner' characters.\n\n - CAN-2005-2703\n\n XMLHttpRequest header spoofing\n\n - CAN-2005-2704\n\n Object spoofing using XBL <implements>\n\n - CAN-2005-2705\n\n JavaScript integer overflow\n\n - CAN-2005-2706\n\n Privilege escalation using about: scheme\n\n - CAN-2005-2707\n\n Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks", "modified": "2018-07-20T00:00:00", "id": "DEBIAN_DSA-838.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19807", "published": "2005-10-05T00:00:00", "title": "Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-838. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19807);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n script_xref(name:\"DSA\", value:\"838\");\n\n script_name(english:\"Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been identified in the\nmozilla-firefox web browser. These vulnerabilities could allow an\nattacker to execute code on the victim's machine via specially crafted\nnetwork resources.\n\n - CAN-2005-2701\n Heap overrun in XBM image processing\n\n - CAN-2005-2702\n\n Denial of service (crash) and possible execution of\n arbitrary code via Unicode sequences with 'zero-width\n non-joiner' characters.\n\n - CAN-2005-2703\n\n XMLHttpRequest header spoofing\n\n - CAN-2005-2704\n\n Object spoofing using XBL <implements>\n\n - CAN-2005-2705\n\n JavaScript integer overflow\n\n - CAN-2005-2706\n\n Privilege escalation using about: scheme\n\n - CAN-2005-2707\n\n Chrome window spoofing allowing windows to be created\n without UI components such as a URL bar or status bar\n that could be used to carry out phishing attacks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mozilla-firefox package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-2sarge5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox\", reference:\"1.0.4-2sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"1.0.4-2sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox-gnome-support\", reference:\"1.0.4-2sarge5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:39:13", "bulletinFamily": "scanner", "description": "A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7:\n\nA bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701).\n\nA bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702).\n\nA bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703).\n\nA bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704).\n\nAn integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705).\n\nA bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706).\n\nA bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707).\n\nA bug in the way Firefox proceesed URLs on the command line could be used to execute arbitary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968).\n\nTom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non- wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user's computer (CVE-2005-2871).\n\nThe updated packages have been patched to address these issues and all users are urged to upgrade immediately.", "modified": "2012-09-07T00:00:00", "published": "2006-01-15T00:00:00", "id": "MANDRAKE_MDKSA-2005-169.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20425", "type": "nessus", "title": "MDKSA-2005:169 : mozilla-firefox", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated update is not\n# for a supported release of Mandrake / Mandriva Linux.\n#\n# Disabled on 2012/09/06.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script was automatically generated from\n# Mandrake Linux Security Advisory MDKSA-2005:169.\n#\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20425);\n script_version (\"$Revision: 1.10 $\"); \n script_cvs_date(\"$Date: 2012/09/07 00:48:07 $\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2871\", \"CVE-2005-2968\");\n\n script_name(english:\"MDKSA-2005:169 : mozilla-firefox\");\n script_summary(english:\"Checks for patch(es) in 'rpm -qa' output\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Mandrake host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"A number of vulnerabilities have been discovered in Mozilla Firefox\nthat have been corrected in version 1.0.7:\n\nA bug in the way Firefox processes XBM images could be used to\nexecute arbitrary code via a specially crafted XBM image file\n(CVE-2005-2701).\n\nA bug in the way Firefox handles certain Unicode sequences could be\nused to execute arbitrary code via viewing a specially crafted\nUnicode sequence (CVE-2005-2702).\n\nA bug in the way Firefox makes XMLHttp requests could be abused by a\nmalicious web page to exploit other proxy or server flaws from the\nvictim's machine; however, the default behaviour of the browser is to\ndisallow this (CVE-2005-2703).\n\nA bug in the way Firefox implemented its XBL interface could be\nabused by a malicious web page to create an XBL binding in such a way\nas to allow arbitrary JavaScript execution with chrome permissions\n(CVE-2005-2704).\n\nAn integer overflow in Firefox's JavaScript engine could be\nmanipulated in certain conditions to allow a malicious web page to\nexecute arbitrary code (CVE-2005-2705).\n\nA bug in the way Firefox displays about: pages could be used to\nexecute JavaScript with chrome privileges (CVE-2005-2706).\n\nA bug in the way Firefox opens new windows could be used by a\nmalicious web page to construct a new window without any user\ninterface elements (such as address bar and status bar) that could be\nused to potentially mislead the user (CVE-2005-2707).\n\nA bug in the way Firefox proceesed URLs on the command line could be\nused to execute arbitary commands as the user running Firefox; this\ncould be abused by clicking on a supplied link, such as from an\ninstant messaging client (CVE-2005-2968).\n\nTom Ferris reported that Firefox would crash when processing a domain\nname consisting solely of soft-hyphen characters due to a heap\noverflow when IDN processing results in an empty string after\nremoving non- wrapping chracters, such as soft-hyphens. This could be\nexploited to run or or install malware on the user's computer\n(CVE-2005-2871).\n\nThe updated packages have been patched to address these issues and\nall users are urged to upgrade immediately.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:169\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/01/15\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated update is not currently for a supported release of Mandrake / Mandriva Linux.\");\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Mandrake/release\")) exit(0, \"The host is not running Mandrake Linux.\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) exit(1, \"Could not get the list of packages.\");\n\nflag = 0;\n\nif (rpm_check(reference:\"libnspr4-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\nif (rpm_check(reference:\"libnspr4-devel-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\nif (rpm_check(reference:\"libnss3-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\nif (rpm_check(reference:\"libnss3-devel-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\nif (rpm_check(reference:\"mozilla-firefox-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\nif (rpm_check(reference:\"mozilla-firefox-devel-1.0.2-9.1.102mdk\", release:\"MDK10.2\", cpu:\"i386\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse \n{\n if (rpm_exists(rpm:\"mozilla-firefox-\", release:\"MDK10.2\"))\n {\n set_kb_item(name:\"CVE-2005-2701\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2702\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2703\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2704\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2705\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2706\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2707\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2871\", value:TRUE);\n set_kb_item(name:\"CVE-2005-2968\", value:TRUE);\n }\n\n exit(0, \"The host is not affected.\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:09:09", "bulletinFamily": "scanner", "description": "A Mozilla Foundation Security Advisory reports of multiple issues :\nHeap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to install or run malicious code on the user's machine.\n\nThunderbird does not support the XBM format and is not affected by this flaw. Crash on 'zero-width non-joiner' sequence Mats Palmgren discovered that a reported crash on Unicode sequences with 'zero-width non-joiner' characters was due to stack corruption that may be exploitable. XMLHttpRequest header spoofing It was possible to add illegal and malformed headers to an XMLHttpRequest. This could have been used to exploit server or proxy flaws from the user's machine, or to fool a server or proxy into thinking a single request was a stream of separate requests. The severity of this vulnerability depends on the value of servers which might be vulnerable to HTTP request smuggling and similar attacks, or which share an IP address (virtual hosting) with the attacker's page.\n\nFor users connecting to the web through a proxy this flaw could be used to bypass the same-origin restriction on XMLHttpRequests by fooling the proxy into handling a single request as multiple pipe-lined requests directed at arbitrary hosts. This could be used, for example, to read files on intranet servers behind a firewall.\nObject spoofing using XBL <implements> moz_bug_r_a4 demonstrated a DOM object spoofing bug similar to MFSA 2005-55 using an XBL control that <implements> an internal interface. The severity depends on the version of Firefox: investigation so far indicates Firefox 1.0.x releases don't expose any vulnerable functionality to interfaces spoofed in this way, but that early Deer Park Alpha 1 versions did.\n\nXBL was changed to no longer allow unprivileged controls from web content to implement XPCOM interfaces. JavaScript integer overflow Georgi Guninski reported an integer overflow in the JavaScript engine.\nWe presume this could be exploited to run arbitrary code under favorable conditions. Privilege escalation using about: scheme heatsync and shutdown report two different ways to bypass the restriction on loading high privileged 'chrome' pages from an unprivileged 'about:' page. By itself this is harmless--once the 'about' page's privilege is raised the original page no longer has access--but should this be combined with a same-origin violation this could lead to arbitrary code execution. Chrome window spoofing moz_bug_r_a4 demonstrates a way to get a blank 'chrome' canvas by opening a window from a reference to a closed window. The resulting window is not privileged, but the normal browser UI is missing and can be used to construct a spoof page without any of the safety features of the browser chrome designed to alert users to phishing sites, such as the address bar and the status bar.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_8F5DD74B2C6111DAA2630001020EED82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21473", "published": "2006-05-13T00:00:00", "title": "FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21473);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n\n script_name(english:\"FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Mozilla Foundation Security Advisory reports of multiple issues :\nHeap overrun in XBM image processing jackerror reports that an\nimproperly terminated XBM image ending with space characters instead\nof the expected end tag can lead to a heap buffer overrun. This\nappears to be exploitable to install or run malicious code on the\nuser's machine.\n\nThunderbird does not support the XBM format and is not affected by\nthis flaw. Crash on 'zero-width non-joiner' sequence Mats Palmgren\ndiscovered that a reported crash on Unicode sequences with 'zero-width\nnon-joiner' characters was due to stack corruption that may be\nexploitable. XMLHttpRequest header spoofing It was possible to add\nillegal and malformed headers to an XMLHttpRequest. This could have\nbeen used to exploit server or proxy flaws from the user's machine, or\nto fool a server or proxy into thinking a single request was a stream\nof separate requests. The severity of this vulnerability depends on\nthe value of servers which might be vulnerable to HTTP request\nsmuggling and similar attacks, or which share an IP address (virtual\nhosting) with the attacker's page.\n\nFor users connecting to the web through a proxy this flaw could be\nused to bypass the same-origin restriction on XMLHttpRequests by\nfooling the proxy into handling a single request as multiple\npipe-lined requests directed at arbitrary hosts. This could be used,\nfor example, to read files on intranet servers behind a firewall.\nObject spoofing using XBL <implements> moz_bug_r_a4 demonstrated a DOM\nobject spoofing bug similar to MFSA 2005-55 using an XBL control that\n<implements> an internal interface. The severity depends on the\nversion of Firefox: investigation so far indicates Firefox 1.0.x\nreleases don't expose any vulnerable functionality to interfaces\nspoofed in this way, but that early Deer Park Alpha 1 versions did.\n\nXBL was changed to no longer allow unprivileged controls from web\ncontent to implement XPCOM interfaces. JavaScript integer overflow\nGeorgi Guninski reported an integer overflow in the JavaScript engine.\nWe presume this could be exploited to run arbitrary code under\nfavorable conditions. Privilege escalation using about: scheme\nheatsync and shutdown report two different ways to bypass the\nrestriction on loading high privileged 'chrome' pages from an\nunprivileged 'about:' page. By itself this is harmless--once the\n'about' page's privilege is raised the original page no longer has\naccess--but should this be combined with a same-origin violation this\ncould lead to arbitrary code execution. Chrome window spoofing\nmoz_bug_r_a4 demonstrates a way to get a blank 'chrome' canvas by\nopening a window from a reference to a closed window. The resulting\nwindow is not privileged, but the normal browser UI is missing and can\nbe used to construct a spoof page without any of the safety features\nof the browser chrome designed to alert users to phishing sites, such\nas the address bar and the status bar.\"\n );\n # http://www.mozilla.org/security/announce/mfsa2005-58.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/\"\n );\n # https://vuxml.freebsd.org/freebsd/8f5dd74b-2c61-11da-a263-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a2b5253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:el-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fr-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fr-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-linux-mozillafirebird-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-mozillafirebird-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-phoenix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phoenix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pt_BR-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zhCN-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zhTW-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<1.0.7,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<1.0.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla<1.7.12,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.8.*,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozilla<1.7.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozilla-devel>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"netscape7>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"el-linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-linux-mozillafirebird-gtk1>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-mozillafirebird-gtk2>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zhCN-linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zhTW-linux-mozillafirebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-netscape7>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-netscape7>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-netscape7>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-phoenix>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla+ipv6>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-embedded>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-firebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk1>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk2>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-thunderbird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phoenix>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt_BR-netscape7>=0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-05-29T14:33:39", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nA bug was found in the way Firefox processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Firefox. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Firefox processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nFirefox if the user views a specially crafted Unicode sequence. (CAN-2005-2702)\r\n\r\nA bug was found in the way Firefox makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Firefox implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in such a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Firefox 1.0.6 this issue is not directly exploitable\r\nand will need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Firefox's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Firefox. (CAN-2005-2705)\r\n\r\nA bug was found in the way Firefox displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Firefox opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nA bug was found in the way Firefox processes URLs passed to it on the\r\ncommand line. If a user passes a malformed URL to Firefox, such as clicking\r\non a link in an instant messaging program, it is possible to execute\r\narbitrary commands as the user running Firefox. (CAN-2005-2968)\r\n\r\nUsers of Firefox are advised to upgrade to this updated package that\r\ncontains Firefox version 1.0.7 and is not vulnerable to these issues.", "modified": "2017-09-08T12:14:25", "published": "2005-09-22T04:00:00", "id": "RHSA-2005:785", "href": "https://access.redhat.com/errata/RHSA-2005:785", "type": "redhat", "title": "(RHSA-2005:785) firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:44", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nA bug was found in the way Thunderbird processes certain international\r\ndomain names. An attacker could create a specially crafted HTML mail, which\r\nwhen viewed by the victim would cause Thunderbird to crash or possibly\r\nexecute arbitrary code. Thunderbird as shipped with Red Hat Enterprise\r\nLinux 4 must have international domain names enabled by the user in order\r\nto be vulnerable to this issue. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2871 to this issue.\r\n\r\nA bug was found in the way Thunderbird processes certain Unicode sequences.\r\nIt may be possible to execute arbitrary code as the user running\r\nThunderbird if the user views a specially crafted HTML mail containing\r\nUnicode sequences. (CAN-2005-2702)\r\n\r\nA bug was found in the way Thunderbird makes XMLHttp requests. It is\r\npossible that a malicious HTML mail could leverage this flaw to exploit\r\nother proxy or server flaws from the victim's machine. It is also possible\r\nthat this flaw could be leveraged to send XMLHttp requests to hosts other\r\nthan the originator; the default behavior of Thunderbird is to disallow\r\nsuch actions. (CAN-2005-2703)\r\n\r\nA bug was found in the way Thunderbird implemented its XBL interface. It\r\nmay be possible for a malicious HTML mail to create an XBL binding in such\r\na way that would allow arbitrary JavaScript execution with chrome\r\npermissions. Please note that in Thunderbird 1.0.6 this issue is not\r\ndirectly exploitable and will need to leverage other unknown exploits.\r\n(CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Thunderbird's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious mail message to\r\nexecute arbitrary code as the user running Thunderbird. Please note that\r\nJavaScript support is disabled by default in Thunderbird. (CAN-2005-2705)\r\n\r\nA bug was found in the way Thunderbird displays about: pages. It is\r\npossible for a malicious HTML mail to open an about: page, such as\r\nabout:mozilla, in such a way that it becomes possible to execute JavaScript\r\nwith chrome privileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Thunderbird opens new windows. It is possible\r\nfor a malicious HTML mail to construct a new window without any user\r\ninterface components, such as the address bar and the status bar. This\r\nwindow could then be used to mislead the user for malicious purposes.\r\n(CAN-2005-2707)\r\n\r\nA bug was found in the way Thunderbird processes URLs passed to it on the\r\ncommand line. If a user passes a malformed URL to Thunderbird, such as\r\nclicking on a link in an instant messaging program, it is possible to\r\nexecute arbitrary commands as the user running Thunderbird. (CAN-2005-2968) \r\n\r\nUsers of Thunderbird are advised to upgrade to this updated package, which\r\ncontains Thunderbird version 1.0.7 and is not vulnerable to these issues.", "modified": "2017-09-08T12:16:11", "published": "2005-10-06T04:00:00", "id": "RHSA-2005:791", "href": "https://access.redhat.com/errata/RHSA-2005:791", "type": "redhat", "title": "(RHSA-2005:791) thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "unix", "description": "\nA Mozilla Foundation Security Advisory reports of multiple\n\t issues:\n\nHeap overrun in XBM image processing\njackerror reports that an improperly terminated XBM image\n\t ending with space characters instead of the expected end\n\t tag can lead to a heap buffer overrun. This appears to be\n\t exploitable to install or run malicious code on the user's\n\t machine.\nThunderbird does not support the XBM format and is not\n\t affected by this flaw.\nCrash on \"zero-width non-joiner\" sequence\nMats Palmgren discovered that a reported crash on Unicode\n\t sequences with \"zero-width non-joiner\" characters was due\n\t to stack corruption that may be exploitable.\nXMLHttpRequest header spoofing\nIt was possible to add illegal and malformed headers to\n\t an XMLHttpRequest. This could have been used to exploit\n\t server or proxy flaws from the user's machine, or to fool\n\t a server or proxy into thinking a single request was a\n\t stream of separate requests. The severity of this\n\t vulnerability depends on the value of servers which might\n\t be vulnerable to HTTP request smuggling and similar\n\t attacks, or which share an IP address (virtual hosting)\n\t with the attacker's page.\nFor users connecting to the web through a proxy this flaw\n\t could be used to bypass the same-origin restriction on\n\t XMLHttpRequests by fooling the proxy into handling a\n\t single request as multiple pipe-lined requests directed at\n\t arbitrary hosts. This could be used, for example, to read\n\t files on intranet servers behind a firewall.\nObject spoofing using XBL <implements>\nmoz_bug_r_a4 demonstrated a DOM object spoofing bug\n\t similar to MFSA\n\t 2005-55 using an XBL control that <implements>\n\t an internal interface. The severity depends on the version\n\t of Firefox: investigation so far indicates Firefox 1.0.x\n\t releases don't expose any vulnerable functionality to\n\t interfaces spoofed in this way, but that early Deer Park\n\t Alpha 1 versions did.\nXBL was changed to no longer allow unprivileged controls\n\t from web content to implement XPCOM interfaces.\nJavaScript integer overflow\nGeorgi Guninski reported an integer overflow in the\n\t JavaScript engine. We presume this could be exploited to\n\t run arbitrary code under favorable conditions.\nPrivilege escalation using about: scheme\nheatsync and shutdown report two different ways to bypass\n\t the restriction on loading high privileged \"chrome\" pages\n\t from an unprivileged \"about:\" page. By itself this is\n\t harmless--once the \"about\" page's privilege is raised the\n\t original page no longer has access--but should this be\n\t combined with a same-origin violation this could lead to\n\t arbitrary code execution.\nChrome window spoofing\nmoz_bug_r_a4 demonstrates a way to get a blank \"chrome\"\n\t canvas by opening a window from a reference to a closed\n\t window. The resulting window is not privileged, but the\n\t normal browser UI is missing and can be used to construct\n\t a spoof page without any of the safety features of the\n\t browser chrome designed to alert users to phishing sites,\n\t such as the address bar and the status bar.\n\n", "modified": "2005-10-26T00:00:00", "published": "2005-09-22T00:00:00", "id": "8F5DD74B-2C61-11DA-A263-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/8f5dd74b-2c61-11da-a263-0001020eed82.html", "title": "firefox & mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:04", "bulletinFamily": "unix", "description": "### Background\n\nThe Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. \n\n### Description\n\nThe Mozilla Suite and Firefox are both vulnerable to the following issues: \n\n * Tom Ferris reported a heap overflow in IDN-enabled browsers with malicious Host: headers (CAN-2005-2871).\n * \"jackerror\" discovered a heap overrun in XBM image processing (CAN-2005-2701).\n * Mats Palmgren reported a potentially exploitable stack corruption using specific Unicode sequences (CAN-2005-2702).\n * Georgi Guninski discovered an integer overflow in the JavaScript engine (CAN-2005-2705)\n * Other issues ranging from DOM object spoofing to request header spoofing were also found and fixed in the latest versions (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).\n\nThe Gecko engine in itself is also affected by some of these issues and has been updated as well. \n\n### Impact\n\nA remote attacker could setup a malicious site and entice a victim to visit it, potentially resulting in arbitrary code execution with the victim's privileges or facilitated spoofing of known websites. \n\n### Workaround\n\nThere is no known workaround for all the issues. \n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-1.0.7-r2\"\n\nAll Mozilla Suite users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-1.7.12-r2\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-bin-1.0.7\"\n\nAll Mozilla Suite binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-bin-1.7.12\"\n\nAll Gecko library users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gecko-sdk-1.7.12\"", "modified": "2005-09-29T00:00:00", "published": "2005-09-18T00:00:00", "id": "GLSA-200509-11", "href": "https://security.gentoo.org/glsa/200509-11", "type": "gentoo", "title": "Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-19T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55419", "id": "OPENVAS:55419", "title": "FreeBSD Ports: firefox", "type": "openvas", "sourceData": "#\n#VID 8f5dd74b-2c61-11da-a263-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n mozilla\n linux-mozilla\n linux-mozilla-devel\n netscape7\n de-linux-mozillafirebird\n el-linux-mozillafirebird\n ja-linux-mozillafirebird-gtk1\n ja-mozillafirebird-gtk2\n linux-mozillafirebird\n ru-linux-mozillafirebird\n zhCN-linux-mozillafirebird\n zhTW-linux-mozillafirebird\n de-linux-netscape\n de-netscape7\n fr-linux-netscape\n fr-netscape7\n ja-linux-netscape\n ja-netscape7\n linux-netscape\n linux-phoenix\n mozilla+ipv6\n mozilla-embedded\n mozilla-firebird\n mozilla-gtk1\n mozilla-gtk2\n mozilla-gtk\n mozilla-thunderbird\n phoenix\n pt_BR-netscape7\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/mfsa2005-58.html\nhttp://www.vuxml.org/freebsd/8f5dd74b-2c61-11da-a263-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55419);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.7,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.7\")>0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.12,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,2\")>=0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.12\")<0) {\n txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-mozilla-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package de-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"el-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package el-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-linux-mozillafirebird-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ja-linux-mozillafirebird-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-mozillafirebird-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ja-mozillafirebird-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ru-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zhCN-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package zhCN-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zhTW-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package zhTW-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package de-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package de-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fr-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package fr-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fr-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package fr-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ja-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ja-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-phoenix\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package linux-phoenix version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-embedded\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-embedded version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-firebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-firebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-gtk version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"phoenix\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package phoenix version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pt_BR-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package pt_BR-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:30", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-venkman\n mozilla-cs\n mozilla\n mozilla-devel\n mozilla-hu\n mozilla-ja\n mozilla-mail\n mozilla-ko\n mozilla-dom-inspector\n mozilla-deat\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010264 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065289", "id": "OPENVAS:136141256231065289", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010264.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-venkman\n mozilla-cs\n mozilla\n mozilla-devel\n mozilla-hu\n mozilla-ja\n mozilla-mail\n mozilla-ko\n mozilla-dom-inspector\n mozilla-deat\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010264 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65289\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.7.8~5.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 868-1.\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. Some of the problems don't exactly apply\nto Mozilla Thunderbird, even though the code is present. In order to\nkeep the codebase in sync with upstream it has been altered\nnevertheless. \n\nFor details on the problems, please visit the referenced security\nadvisories.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55711", "id": "OPENVAS:55711", "title": "Debian Security Advisory DSA 868-1 (mozilla-thunderbird)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_868_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 868-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.7.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.7-1.\n\nWe recommend that you upgrade your mozilla-thunderbird package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20868-1\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 868-1.\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. Some of the problems don't exactly apply\nto Mozilla Thunderbird, even though the code is present. In order to\nkeep the codebase in sync with upstream it has been altered\nnevertheless. \n\nFor details on the problems, please visit the referenced security\nadvisories.\";\n\n\nif(description)\n{\n script_id(55711);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2871\", \"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2968\");\n script_bugtraq_id(14784);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 868-1 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.0.2-2.sarge1.0.7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.0.2-2.sarge1.0.7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.0.2-2.sarge1.0.7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-offline\", ver:\"1.0.2-2.sarge1.0.7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.0.2-2.sarge1.0.7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:17", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-venkman\n mozilla-cs\n mozilla\n mozilla-devel\n mozilla-hu\n mozilla-ja\n mozilla-mail\n mozilla-ko\n mozilla-dom-inspector\n mozilla-deat\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010264 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65289", "id": "OPENVAS:65289", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010264.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-venkman\n mozilla-cs\n mozilla\n mozilla-devel\n mozilla-hu\n mozilla-ja\n mozilla-mail\n mozilla-ko\n mozilla-dom-inspector\n mozilla-deat\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010264 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65289);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-venkman\", rpm:\"mozilla-venkman~1.7.8~5.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 838-1.\n\nMultiple security vulnerabilities have been identified in the\nmozilla-firefox web browser. These vulnerabilities could allow an\nattacker to execute code on the victim's machine via specially crafted\nnetwork resources.\n\nCVE-2005-2701\nHeap overrun in XBM image processing\n\nCVE-2005-2702\nDenial of service (crash) and possible execution of arbitrary\ncode via Unicode sequences with zero-width non-joiner\ncharacters.\n\nCVE-2005-2703\nXMLHttpRequest header spoofing\n\nCVE-2005-2704\nObject spoofing using XBL <implements>\n\nCVE-2005-2705\nJavaScript integer overflow\n\nCVE-2005-2706\nPrivilege escalation using about: scheme\n\nCVE-2005-2707\nChrome window spoofing allowing windows to be created without\nUI components such as a URL bar or status bar that could be\nused to carry out phishing attacks", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55515", "id": "OPENVAS:55515", "title": "Debian Security Advisory DSA 838-1 (mozilla-firefox)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_838_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 838-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-2sarge5\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.7-1\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20838-1\";\ntag_summary = \"The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 838-1.\n\nMultiple security vulnerabilities have been identified in the\nmozilla-firefox web browser. These vulnerabilities could allow an\nattacker to execute code on the victim's machine via specially crafted\nnetwork resources.\n\nCVE-2005-2701\nHeap overrun in XBM image processing\n\nCVE-2005-2702\nDenial of service (crash) and possible execution of arbitrary\ncode via Unicode sequences with zero-width non-joiner\ncharacters.\n\nCVE-2005-2703\nXMLHttpRequest header spoofing\n\nCVE-2005-2704\nObject spoofing using XBL <implements>\n\nCVE-2005-2705\nJavaScript integer overflow\n\nCVE-2005-2706\nPrivilege escalation using about: scheme\n\nCVE-2005-2707\nChrome window spoofing allowing windows to be created without\nUI components such as a URL bar or status bar that could be\nused to carry out phishing attacks\";\n\n\nif(description)\n{\n script_id(55515);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 838-1 (mozilla-firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.0.4-2sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"1.0.4-2sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"1.0.4-2sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update to mozilla\nannounced via advisory DSA 866-1.\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. For details, please visit the referenced\nsecurity advisories.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55716", "id": "OPENVAS:55716", "title": "Debian Security Advisory DSA 866-1 (mozilla)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_866_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 866-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.7.12-1.\n\nWe recommend that you upgrade your mozilla package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20866-1\";\ntag_summary = \"The remote host is missing an update to mozilla\nannounced via advisory DSA 866-1.\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. For details, please visit the referenced\nsecurity advisories.\";\n\n\nif(description)\n{\n script_id(55716);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2871\", \"CVE-2005-2701\", \"CVE-2005-2702\", \"CVE-2005-2703\", \"CVE-2005-2704\", \"CVE-2005-2705\", \"CVE-2005-2706\", \"CVE-2005-2707\", \"CVE-2005-2968\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 866-1 (mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.7.8-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:785\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nA bug was found in the way Firefox processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Firefox. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Firefox processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nFirefox if the user views a specially crafted Unicode sequence. (CAN-2005-2702)\r\n\r\nA bug was found in the way Firefox makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Firefox implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in such a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Firefox 1.0.6 this issue is not directly exploitable\r\nand will need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Firefox's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Firefox. (CAN-2005-2705)\r\n\r\nA bug was found in the way Firefox displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Firefox opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nA bug was found in the way Firefox processes URLs passed to it on the\r\ncommand line. If a user passes a malformed URL to Firefox, such as clicking\r\non a link in an instant messaging program, it is possible to execute\r\narbitrary commands as the user running Firefox. (CAN-2005-2968)\r\n\r\nUsers of Firefox are advised to upgrade to this updated package that\r\ncontains Firefox version 1.0.7 and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012181.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012182.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012184.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012185.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012189.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012190.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012193.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012194.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-785.html", "modified": "2005-09-23T22:36:09", "published": "2005-09-22T22:46:14", "href": "http://lists.centos.org/pipermail/centos-announce/2005-September/012181.html", "id": "CESA-2005:785", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:789\n\n\nMozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012178.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012179.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012180.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012183.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012187.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012188.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012191.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012192.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nmozilla\nmozilla-chat\nmozilla-devel\nmozilla-dom-inspector\nmozilla-js-debugger\nmozilla-mail\nmozilla-nspr\nmozilla-nspr-devel\nmozilla-nss\nmozilla-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-789.html", "modified": "2005-09-23T09:56:49", "published": "2005-09-22T22:45:24", "href": "http://lists.centos.org/pipermail/centos-announce/2005-September/012178.html", "id": "CESA-2005:789", "title": "devhelp, mozilla security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:789-01\n\n\nMozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nA bug was found in the way Mozilla processes XBM image files. If a user\r\nviews a specially crafted XBM file, it becomes possible to execute\r\narbitrary code as the user running Mozilla. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to\r\nthis issue.\r\n\r\nA bug was found in the way Mozilla processes certain Unicode\r\nsequences. It may be possible to execute arbitrary code as the user running\r\nMozilla, if the user views a specially crafted Unicode sequence.\r\n(CAN-2005-2702)\r\n\r\nA bug was found in the way Mozilla makes XMLHttp requests. It is possible\r\nthat a malicious web page could leverage this flaw to exploit other proxy\r\nor server flaws from the victim's machine. It is also possible that this\r\nflaw could be leveraged to send XMLHttp requests to hosts other than the\r\noriginator; the default behavior of the browser is to disallow this.\r\n(CAN-2005-2703)\r\n\r\nA bug was found in the way Mozilla implemented its XBL interface. It may be\r\npossible for a malicious web page to create an XBL binding in a way\r\nthat would allow arbitrary JavaScript execution with chrome permissions.\r\nPlease note that in Mozilla 1.7.10 this issue is not directly exploitable\r\nand would need to leverage other unknown exploits. (CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Mozilla's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious web page to\r\nexecute arbitrary code as the user running Mozilla. (CAN-2005-2705)\r\n\r\nA bug was found in the way Mozilla displays about: pages. It is possible\r\nfor a malicious web page to open an about: page, such as about:mozilla, in\r\nsuch a way that it becomes possible to execute JavaScript with chrome\r\nprivileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Mozilla opens new windows. It is possible for a\r\nmalicious web site to construct a new window without any user interface\r\ncomponents, such as the address bar and the status bar. This window could\r\nthen be used to mislead the user for malicious purposes. (CAN-2005-2707)\r\n\r\nUsers of Mozilla are advised to upgrade to this updated package that\r\ncontains Mozilla version 1.7.12 and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012186.html\n\n**Affected packages:**\ngaleon\nmozilla\nmozilla-chat\nmozilla-devel\nmozilla-dom-inspector\nmozilla-js-debugger\nmozilla-mail\nmozilla-nspr\nmozilla-nspr-devel\nmozilla-nss\nmozilla-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2005-09-23T00:52:45", "published": "2005-09-23T00:52:45", "href": "http://lists.centos.org/pipermail/centos-announce/2005-September/012186.html", "id": "CESA-2005:789-01", "title": "galeon, mozilla security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:791\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nA bug was found in the way Thunderbird processes certain international\r\ndomain names. An attacker could create a specially crafted HTML mail, which\r\nwhen viewed by the victim would cause Thunderbird to crash or possibly\r\nexecute arbitrary code. Thunderbird as shipped with Red Hat Enterprise\r\nLinux 4 must have international domain names enabled by the user in order\r\nto be vulnerable to this issue. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2871 to this issue.\r\n\r\nA bug was found in the way Thunderbird processes certain Unicode sequences.\r\nIt may be possible to execute arbitrary code as the user running\r\nThunderbird if the user views a specially crafted HTML mail containing\r\nUnicode sequences. (CAN-2005-2702)\r\n\r\nA bug was found in the way Thunderbird makes XMLHttp requests. It is\r\npossible that a malicious HTML mail could leverage this flaw to exploit\r\nother proxy or server flaws from the victim's machine. It is also possible\r\nthat this flaw could be leveraged to send XMLHttp requests to hosts other\r\nthan the originator; the default behavior of Thunderbird is to disallow\r\nsuch actions. (CAN-2005-2703)\r\n\r\nA bug was found in the way Thunderbird implemented its XBL interface. It\r\nmay be possible for a malicious HTML mail to create an XBL binding in such\r\na way that would allow arbitrary JavaScript execution with chrome\r\npermissions. Please note that in Thunderbird 1.0.6 this issue is not\r\ndirectly exploitable and will need to leverage other unknown exploits.\r\n(CAN-2005-2704)\r\n\r\nAn integer overflow bug was found in Thunderbird's JavaScript engine. Under\r\nfavorable conditions, it may be possible for a malicious mail message to\r\nexecute arbitrary code as the user running Thunderbird. Please note that\r\nJavaScript support is disabled by default in Thunderbird. (CAN-2005-2705)\r\n\r\nA bug was found in the way Thunderbird displays about: pages. It is\r\npossible for a malicious HTML mail to open an about: page, such as\r\nabout:mozilla, in such a way that it becomes possible to execute JavaScript\r\nwith chrome privileges. (CAN-2005-2706)\r\n\r\nA bug was found in the way Thunderbird opens new windows. It is possible\r\nfor a malicious HTML mail to construct a new window without any user\r\ninterface components, such as the address bar and the status bar. This\r\nwindow could then be used to mislead the user for malicious purposes.\r\n(CAN-2005-2707)\r\n\r\nA bug was found in the way Thunderbird processes URLs passed to it on the\r\ncommand line. If a user passes a malformed URL to Thunderbird, such as\r\nclicking on a link in an instant messaging program, it is possible to\r\nexecute arbitrary commands as the user running Thunderbird. (CAN-2005-2968) \r\n\r\nUsers of Thunderbird are advised to upgrade to this updated package, which\r\ncontains Thunderbird version 1.0.7 and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012255.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012256.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012257.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012258.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-791.html", "modified": "2005-10-08T12:29:22", "published": "2005-10-06T23:10:29", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/012255.html", "id": "CESA-2005:791", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:33", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 866-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 20th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-2871 CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 \n CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707\n CAN-2005-2968 \nDebian Bug : 327366 329778\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCAN-2005-2871\n\n Tom Ferris discovered a bug in the IDN hostname handling of\n Mozilla that allows remote attackers to cause a denial of service\n and possibly execute arbitrary code via a hostname with dashes.\n\nCAN-2005-2701\n\n A buffer overflow allows remote attackers to execute arbitrary\n code via an XBM image file that ends in a large number of spaces\n instead of the expected end tag.\n\nCAN-2005-2702\n\n Mats Palmgren discovered a buffer overflow in the Unicode string\n parser that allowas a specially crafted unicode sequences to\n overflow a buffer and cause arbitrary code to be executed.\n\nCAN-2005-2703\n\n Remote attackers could spoof HTTP headers of XML HTTP requests\n via XMLHttpRequest and possibly use the client to exploit\n vulnerabilities in servers or proxies.\n\nCAN-2005-2704\n\n Remote attackers could spoof DOM objects via an XBL control that\n implements an internal XPCOM interface.\n\nCAN-2005-2705\n\n Georgi Guninski discovered an integer overflow in the JavaScript\n engine that might allow remote attackers to execute arbitrary\n code.\n\nCAN-2005-2706\n\n Remote attackers could execute Javascript code with chrome\n privileges via an about: page such as about:mozilla.\n\nCAN-2005-2707\n\n Remote attackers could spawn windows without user interface\n components such as the address and status bar that could be used\n to conduct spoofing or phishing attacks.\n\nCAN-2005-2968\n\n Peter Zelezny discovered that shell metacharacters are not\n properly escaped when they are passed to a shell script and allow\n the execution of arbitrary commands, e.g. when a malicious URL is\n automatically copied from another program into Mozilla as default\n browser.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.7.12-1.\n\nWe recommend that you upgrade your mozilla package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.dsc\n Size/MD5 checksum: 1123 8bcf5da1d244d5793c6848126887cb6e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.diff.gz\n Size/MD5 checksum: 410904 c6a4dc4aa262b71eb3e2f927ccba5be0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz\n Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 168068 0f0d0d688c3ab7cc560f8fd9d6c25d42\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 141750 2ae997e1246b9b1622206b501bea6600\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 184954 4abf2c0225afacf0aa1e1ba3dd800f4b\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 851320 2322e9672808b8dbd61ce546c34ae48d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 1034 ccbb5b52c82a76d6068fb1e566cfc0e8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 11473888 416d49672810722e9d6a4744ba720801\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 403252 54b0512cf811dca554b670fdd86d49bc\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 158332 27c845b849ff9572f4dc422f49a245bb\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 3356504 309d86cb85b51f705a90305234bdd349\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 122294 9da4fba65b40fb381f7c286845db016c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 204138 daba15cfb57b4e90f82f6d5d9229dadd\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 1937032 e3e3b5b01ccc599e80802ea5542be2a8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_alpha.deb\n Size/MD5 checksum: 212304 34a959e6684c4d2420ec8b171431337f\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 168070 468e694be0ebaa5ce4e16ea0c4406189\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 140860 ee10c3ff4a930822c9429adc52bc45ec\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 184958 fd569d871b83791830e2a34bb6d7057d\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 709690 daa6df6f1136911cebd67b65e5ae0d8c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 1034 7506e80353b173f5937fa81b5226c46f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 10945966 04cc79158e4dbd34d4914c74b77bf171\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 403278 ac4204e9a030cedbcc2d70f9cf29ec74\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 158332 a948ab9d30f0f70ed531df741bbef633\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 3350620 ed6b86963e5633e930efa04cbf49c23a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 121188 461d803a26259e607a8ae88227bb8f9b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 204146 57847a442a198b0292cb7342aa601f6a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 1935958 ecf18b188b80e21b5d453a5f10c98eec\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_amd64.deb\n Size/MD5 checksum: 204120 adedcdc7ce580e37aa1691e1f0017465\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 168072 1680de3cf45d25f199169df90198d91b\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 119254 ed0841a82dcbff6f50eaf86884123139\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 184958 760e7eca4f231c8b710679223a1509f4\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 626902 b827e60ee8ef0451819d2b35d94e0cde\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 1034 4067826ca023d09accef5e01cdcf8927\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 9199650 6c0531d03c913bdd833244c09c69a755\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 403318 8528b835eb767963139990e95ac22479\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 158370 63bf5489d67b03f59914660f5e3fbc19\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 3340150 7677f622511082306114f5975a1fdfd5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 112664 6a63c4b71535b14a2951b496bb1737ee\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 204180 a721d46a7ae817223a25a917d7b75b59\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 1604374 b8c9560bc78a2b11dfa47b909a134915\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_arm.deb\n Size/MD5 checksum: 168724 68e4814d6b8a48ae504c0348e8ba5339\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 170348 3a338ed93f9999e56e8de24750380951\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 131660 371c4a5c674351727d2dafe5981ed459\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 187124 8d536c4dc957e4448d1ca923ff7504e1\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 656500 9a48b94605f82038226bdfae108437ad\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 1032 e00305ced1db4728dc26cbde13f0c875\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 10323428 d781aa4f05704110d987cd24ff60787b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 403498 d0b31286d891952b68f8f96244264933\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 158350 cac6b890d307df1f55f64c5ffa6aa0ec\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 3591928 60af02162969c248eea0960220b8c494\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 116678 1aac8406b1c144c534bcb59cbf2915e5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 204160 b5b7c32fba5f1e20f7e9180888a36c86\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 1816024 4a576d88be7edd2557b00e0f27b475ca\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_i386.deb\n Size/MD5 checksum: 192474 4a5c07772c5ae39ae8567f50ddd87510\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 168074 34194b2472f75c435e4888d035751c7e\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 169256 69f323c191a107e6d13131457bcb4201\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 184942 1c81683df7075e3ff638943fd66da558\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 961618 d70bed86c7064819420484ef09f747fa\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 1034 8942e83eb30f9c784fda07e000ffd2cb\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 12935870 d31336ee6f759a56f0c5a031be5db2a0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 403266 af925e5281bb125f9b9dcb8118ede048\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 158328 0c6de22bd54959f4ef12a7ee148d0a1c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 3376324 f1d100626a6b892fbe560613db00d4e1\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 125600 99bf7b1eac7fd3b9325292c6bb01983c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 204150 7b429e1c119fb0c6f99b73202dd47340\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 2302138 90d4d4480fddd4b33843d5ede6c6432b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_ia64.deb\n Size/MD5 checksum: 242290 19ef32ec7a3d8112bd262a972abc3244\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 168074 857d31e6f4765f484dcf2188dcc98179\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 151784 93fad6b80c013029fcb2a05d1a894f62\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 184934 a68dbc505fc8c4816adb46a5a3c82c67\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 749684 997993f03e0ff8d8feae6ea7a0ee4dff\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 1036 ad7167f505365eed5c800f3a6d824a16\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 12151356 c3088480f9d891e0668475c630871fa1\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 403266 4b3a2d2248051b60f2c8193fff5e0027\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 158348 52d42654912ce2b829e74f4cae61e5f3\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 3357118 030f4677e561c75940a23fc17c53186b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 123528 575de4da90909f637a8209a8b5206a75\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 204160 52cb13a773c8cf6720444832773b2a6d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 2135076 95b9731fc144da69aa8a565129285867\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_hppa.deb\n Size/MD5 checksum: 216088 0b580da8010bc446450437c4bef6a852\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 168086 5baab34b027715db138a553fa6186ca2\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 120922 30aefe61290eea8ecd5d3bb394393cc3\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 184978 d28e4c157e0f7f8d7e6365871325472d\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 594988 d0fbe7576e14d79a8a26a6aca6febe54\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 1040 df7a707868c3782e3e185f51398652ec\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 9694422 d35904c88782014105ad627782a4d647\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 403392 e9baf3831aabc80453fc932a21705f55\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 158404 64d9cacaee7eddbbebcba896d91a3fb8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 3336022 410c6771807a58f84fbc68f4efe5d8c0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 114488 ce1439ec5417be6c5331a4d36b2d0ad3\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 204204 b0586fecf23027fbb2da77ab2a087374\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 1683046 202452b798d007b686cfc73b4828e6e4\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_m68k.deb\n Size/MD5 checksum: 174656 0576d4e28cff50f35b3b792820a891ee\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 168074 6e600772f1ae9937fad3a85e2d2a819b\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 135780 da21f8ecfc98011cab3878329edf0e90\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 184964 eb695db44835f788ffd161d9a09bc07e\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 720760 df7ed9e05f5feb97ad5b5aed6a8c1cb9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 1030 9e7a23c2f26c00651603614bfffcadf7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 10717192 7532d54da0609102c98779fcb91342ab\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 403276 b7e6d63030f2507aa6a0edf202a5fcf5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 158342 c0e3c0a92974c016ebe747abe219025a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 3356424 475fa0b07bf51ff03deae78dbe03e49a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 117650 0c5e2d08ec8f6994fd25249412905810\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 204154 6dc1f043fd9711ef85e746fa68343466\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 1795494 2902bb4f3409ca9bf1bf5db9f156f4f5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mips.deb\n Size/MD5 checksum: 189686 03ba2c9ff569a7fd9c5662593a79a203\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 168078 dc38711d28268f3612fb63aab9e81e48\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 135722 82e9e23f175607d8df77972ebf1ff567\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 184960 56362daf4f5ece4a42f70d4d679b8920\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 710146 6ff64a6b95ae5a9769f1137b515bb718\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 1036 0c163e3c37edcce0f892385bba98ae68\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 10595798 8c436a58b72d41a17be8b5bd1ba937d0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 403298 74b98bdc891109b89396b728c3a350d6\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 158360 0abb0b8f6b9a66598faedc36a4c6aeef\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 3357168 6c6ade8883db324618c8eb087204b848\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 117230 2a3525c7ae141f632ea91d7f9c53d867\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 204168 8f9b446f41a6ed4377aeabadbb5f727a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 1777632 a89dff300509a955328983a11fa9715f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mipsel.deb\n Size/MD5 checksum: 187280 4e690552ec6beb0984781e3d02d6ae0b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 168070 2910309767f54c3d9179e41d6609071c\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 126254 b48a81baa031c2f66a41138694092bde\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 184970 885947f4a6c993fe56b9d7ca7a4d0a49\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 713902 a3f5f45ebfcb4572eee055f34ddc6d3c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 1032 a79846dc6dee5341341dfc0efb839da5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 9692218 c4c97459a3358dd97f2bb13adb6617b1\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 403262 327617a0606e4403989f357bc5816f00\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 158338 7223c837a306972a49005963272827d0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 3338984 438eeba7c05594e72b934aa3ff0d6b00\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 114572 3dc6efa3ec953457adef9e86e2218252\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 204148 cdb236b98cdd04ea38c4cfeae882dddd\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 1642994 83c2648f40675e1166c38642e5c018fc\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_powerpc.deb\n Size/MD5 checksum: 175488 f91f3374e33d102f2e80f47845bbd37a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 168076 9b7c95dae196bca9760da3044314101c\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 151560 2d8299d552d5aefb1909635cd6855178\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 184944 026e95bb0540d3adefc663ef05c30d26\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 793916 4af6b6eff683ecea1c0774e87a9824a4\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 1036 5deff17e56c5bbb63c62abde258dec81\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 11316324 577ebed78cd6b3967932766a559b8138\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 403278 497e377c89b6efcff42109fe8056bf2f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 158342 3add2de4c148f0a9b10c8d2a1332a152\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 3351434 4e3097be4aea2a697126b9a65c459b31\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 121362 cd9ba2c09ca95d7a642d0d786211998e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 204160 1171d20b501f7753313fdaf23a41c024\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 1944682 2049277c30f63f1d615cc627eb2cec4f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_s390.deb\n Size/MD5 checksum: 213338 5a916db53bef94506e6b0d6f1df9376f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 168074 53076a1fba2d330bd5571cb4fea4fa95\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 123456 818e82c6902a8eb7ff83e5e9ee49d638\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 184950 9ed1a72a7ad2f7822c45b640fc12db2d\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 667752 f51a3e38c77d915b56fc4dc858542df0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 1038 2c6c69ca282a5b3795400a4a6be97dab\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 9363540 21cd6ebf954090ec18d4440ca3b42ea3\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 403306 b2c9c63ba99a77f2c201a131982913d7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 158338 5e7b31b5566dfcb672fc77304e397bc2\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 3339922 e85b9b0a8bb22ba133603e5079176c24\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 112514 5e9c038d6af9878049b337fc7752acca\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 204154 2c38ffa9843ed399eeb91c497c512db9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 1583742 ea09d4a4dbf10fb80f35e6ff6da8c690\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_sparc.deb\n Size/MD5 checksum: 167912 7c07aaca4dcc3a97589237a0b7ffa650\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-10-20T00:00:00", "published": "2005-10-20T00:00:00", "id": "DEBIAN:DSA-866-1:69D52", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00260.html", "title": "[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:26", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 838-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nOctober 2nd, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-firefox\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 \n\t\t CAN-2005-2705 CAN-2005-2706 CAN-2005-2707\n\nMultiple security vulnerabilities have been identified in the\nmozilla-firefox web browser. These vulnerabilities could allow an\nattacker to execute code on the victim's machine via specially crafted\nnetwork resources.\n\nCAN-2005-2701\n\n\tHeap overrun in XBM image processing\n\nCAN-2005-2702\n\n\tDenial of service (crash) and possible execution of arbitrary\n\tcode via Unicode sequences with "zero-width non-joiner"\n\tcharacters.\n\nCAN-2005-2703\n\n\tXMLHttpRequest header spoofing\n\nCAN-2005-2704\n\n\tObject spoofing using XBL <implements>\n\nCAN-2005-2705\n\n\tJavaScript integer overflow\n\nCAN-2005-2706\n\n\tPrivilege escalation using about: scheme\n\nCAN-2005-2707\n\n\tChrome window spoofing allowing windows to be created without\n\tUI components such as a URL bar or status bar that could be\n\tused to carry out phishing attacks\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-2sarge5\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.7-1\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc\n Size/MD5 checksum: 1001 bf9cf2b7106335cccc2afb10f6386c57\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz\n Size/MD5 checksum: 332598 d3f81e09a762be3c51aa20655ada5d32\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz\n Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_alpha.deb\n Size/MD5 checksum: 11167102 e970a996296228bd2af2cb8006a86398\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_alpha.deb\n Size/MD5 checksum: 167592 d446479007005f2d27d079ccedf51d7d\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_alpha.deb\n Size/MD5 checksum: 59416 7bf500b4f181df6ab4aa6dc831a23338\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_amd64.deb\n Size/MD5 checksum: 9399402 d94263433669cae93749d3f0d378839c\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_amd64.deb\n Size/MD5 checksum: 162334 4ffdc291bacf5b604deeaf8d6efd96eb\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_amd64.deb\n Size/MD5 checksum: 57946 7d7472b0fb90ed789c4f84dbcdd14687\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_arm.deb\n Size/MD5 checksum: 8217720 3e0ce81e8d78fbca6d38d6a7e90791f3\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_arm.deb\n Size/MD5 checksum: 153792 662f8f96e75cc109541bf141e79a2714\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_arm.deb\n Size/MD5 checksum: 53280 b3517ce11632b3adbf5970d8f4c35b8c\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb\n Size/MD5 checksum: 8891730 795a6aa3ca33a5e328e863612ceb0ac3\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb\n Size/MD5 checksum: 157566 5e5d92e6c30a1d677edcc2fd9beb1861\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb\n Size/MD5 checksum: 54820 885991c2f4580f06f12ba1cc6ff456ac\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_ia64.deb\n Size/MD5 checksum: 11618922 f02ebe51045adc2008ebba0a7355f58c\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_ia64.deb\n Size/MD5 checksum: 167924 863962943669b737773e716bb45560b7\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_ia64.deb\n Size/MD5 checksum: 62602 01f5675efee57e112e1734306580e43b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_hppa.deb\n Size/MD5 checksum: 10267086 7fb5e359ae146c7306def5b0a7ba48b4\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_hppa.deb\n Size/MD5 checksum: 165300 cf86dfe338ca9bfde77a402690db15ae\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_hppa.deb\n Size/MD5 checksum: 58402 f98081adb227cf6a12dc267bbf9c7689\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_m68k.deb\n Size/MD5 checksum: 8167708 d5d4eadda39add959235921126b5db4b\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_m68k.deb\n Size/MD5 checksum: 156434 01a518572787d1e5505eb393c4670cd9\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_m68k.deb\n Size/MD5 checksum: 54070 b50c79ee5b2b3fd61ccb3848ad201f29\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mips.deb\n Size/MD5 checksum: 9922382 384196380da339cc6c381afd18c8d0e8\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mips.deb\n Size/MD5 checksum: 155362 38e914d95e0b2d38b2d34f09988218c9\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mips.deb\n Size/MD5 checksum: 55078 343647c905cf9792d53eb67b4e11df02\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mipsel.deb\n Size/MD5 checksum: 9804868 cfe93fb808ecfc8e9a2bf359af772069\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mipsel.deb\n Size/MD5 checksum: 154892 9321e20f831ad309fc214c8130223103\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mipsel.deb\n Size/MD5 checksum: 54904 74a6c0efaa41729a646d5f5762ab637d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_powerpc.deb\n Size/MD5 checksum: 8563444 7c373a381a8ba34307e59f2cd47fcc43\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_powerpc.deb\n Size/MD5 checksum: 155948 a764030b0841e225c5a89e6366bb88e5\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_powerpc.deb\n Size/MD5 checksum: 57186 39cb6349c6ef1bc0e9e62365e7beeebf\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_sparc.deb\n Size/MD5 checksum: 8652776 fa0fdecf5fb5ed186ade4d987b8920cb\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_sparc.deb\n Size/MD5 checksum: 156204 84483f5fa63c2da5f6e8de90f462edbe\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_sparc.deb\n Size/MD5 checksum: 53640 d43b2dbd4fd362e7fd01b4985c0ff3d0\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-10-02T00:00:00", "published": "2005-10-02T00:00:00", "id": "DEBIAN:DSA-838-1:0150B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html", "title": "[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 868-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 20th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-thunderbird\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-2871 CAN-2005-2701 CAN-2005-2702 CAN-2005-2703\n CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707\n CAN-2005-2968 \nCERT advisory : VU#573857\nBugTraq ID : 14784\nDebian Bug : 327366 329778\n\nSeveral security-related problems have been discovered in Mozilla and\nderived programs. Some of the following problems don't exactly apply\nto Mozilla Thunderbird, even though the code is present. In order to\nkeep the codebase in sync with upstream it has been altered\nnevertheless. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCAN-2005-2871\n\n Tom Ferris discovered a bug in the IDN hostname handling of\n Mozilla that allows remote attackers to cause a denial of service\n and possibly execute arbitrary code via a hostname with dashes.\n\nCAN-2005-2701\n\n A buffer overflow allows remote attackers to execute arbitrary\n code via an XBM image file that ends in a large number of spaces\n instead of the expected end tag.\n\nCAN-2005-2702\n\n Mats Palmgren discovered a buffer overflow in the Unicode string\n parser that allowas a specially crafted unicode sequences to\n overflow a buffer and cause arbitrary code to be executed.\n\nCAN-2005-2703\n\n Remote attackers could spoof HTTP headers of XML HTTP requests\n via XMLHttpRequest and possibly use the client to exploit\n vulnerabilities in servers or proxies.\n\nCAN-2005-2704\n\n Remote attackers could spoof DOM objects via an XBL control that\n implements an internal XPCOM interface.\n\nCAN-2005-2705\n\n Georgi Guninski discovered an integer overflow in the JavaScript\n engine that might allow remote attackers to execute arbitrary\n code.\n\nCAN-2005-2706\n\n Remote attackers could execute Javascript code with chrome\n privileges via an about: page such as about:mozilla.\n\nCAN-2005-2707\n\n Remote attackers could spawn windows without user interface\n components such as the address and status bar that could be used\n to conduct spoofing or phishing attacks.\n\nCAN-2005-2968\n\n Peter Zelezny discovered that shell metacharacters are not\n properly escaped when they are passed to a shell script and allow\n the execution of arbitrary commands, e.g. when a malicious URL is\n automatically copied from another program into Mozilla as default\n browser.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.7.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.7-1.\n\nWe recommend that you upgrade your mozilla-thunderbird package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc\n Size/MD5 checksum: 997 303ed28d7dac19a27a47c23819f80bd7\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz\n Size/MD5 checksum: 210991 79fbaf89373ea1d4698942f289b556d2\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz\n Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_alpha.deb\n Size/MD5 checksum: 12829612 e50199388042e84de94d2b015484fedc\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_alpha.deb\n Size/MD5 checksum: 3269804 1b50a6a5ca2df178025f4bfb9e72ef7d\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_alpha.deb\n Size/MD5 checksum: 145778 4bffbad43fba608ae24f64b36d936c99\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_alpha.deb\n Size/MD5 checksum: 27290 f979f0128931281a2eb004910b8ba5c8\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_alpha.deb\n Size/MD5 checksum: 83080 d39767ad00fc79d6dd014d20aa2b94e9\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_amd64.deb\n Size/MD5 checksum: 12240810 5ac70842faf52d027c0376bc5d4f60e5\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_amd64.deb\n Size/MD5 checksum: 3270622 60d3f2eecebb4806bfaef54db73d26c6\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_amd64.deb\n Size/MD5 checksum: 144798 152536a2fa4d71b41a73f614824809c5\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_amd64.deb\n Size/MD5 checksum: 27280 21aaf659e40e08d2434fca10e8a97a5b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_amd64.deb\n Size/MD5 checksum: 82972 dc0c6b48cbbdc2c0f39e30ab930ac612\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_arm.deb\n Size/MD5 checksum: 10328712 2e587b8809aeda36023974b42693e4f2\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_arm.deb\n Size/MD5 checksum: 3265014 ce2fcff9b73b5c2ba69ad3a8c47fdd83\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_arm.deb\n Size/MD5 checksum: 136886 b13673a24d714b375b54c17ce7a8a308\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_arm.deb\n Size/MD5 checksum: 27308 a2a3d30505885a521b703b99b40ebd66\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_arm.deb\n Size/MD5 checksum: 74954 039d4f13961625a42dbeaac125e0a125\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb\n Size/MD5 checksum: 11550326 fc8572c0a89b914fc288fd638e224213\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb\n Size/MD5 checksum: 3497080 02fbded3b5e503def6c29f32c34b24d1\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb\n Size/MD5 checksum: 140456 a90c517acdcaf177b4585cf8f9e35344\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb\n Size/MD5 checksum: 27286 ec039bd40938c0d6bb87874cc8703c25\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb\n Size/MD5 checksum: 81696 ecf0d09362306bcd6c8a65c2e779f792\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_ia64.deb\n Size/MD5 checksum: 14602590 f69ca59b99191b96a3a8dbd69f2652b1\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_ia64.deb\n Size/MD5 checksum: 3284198 ea4287ce4ba1b6f36ab96d419528d8e3\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_ia64.deb\n Size/MD5 checksum: 149120 8c288112472ef49da43cdfd24b9524ac\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_ia64.deb\n Size/MD5 checksum: 27286 789de6fbe31cf969076e3ef19bcc9319\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_ia64.deb\n Size/MD5 checksum: 100774 b27c9fb9fef1cb19959953d8cb13e74a\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_hppa.deb\n Size/MD5 checksum: 13550208 82ea35b6046092051ee9e7212f160403\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_hppa.deb\n Size/MD5 checksum: 3275452 06778a5a45f737f5f0fffa8f7e2648f1\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_hppa.deb\n Size/MD5 checksum: 147020 9ebbdd2d3bc44c45d0752c62c68e527e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_hppa.deb\n Size/MD5 checksum: 27294 2a7860aedde7c3535fd19105121c2043\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_hppa.deb\n Size/MD5 checksum: 90916 4a602f8c63d22f80fabb10e2019402e2\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_m68k.deb\n Size/MD5 checksum: 10774276 d3ea2f30a593a8ec702230168a59fc24\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_m68k.deb\n Size/MD5 checksum: 3263230 5757de718fb0c34c9db6affcb554068f\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_m68k.deb\n Size/MD5 checksum: 138658 6f3f3b329ee12275eb6eea3be2d9c59a\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_m68k.deb\n Size/MD5 checksum: 27318 b9e4fe5b540bc544eab853b8077cc2d3\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_m68k.deb\n Size/MD5 checksum: 76178 8aa668acaf233693e6bc55d3d3f983e0\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mips.deb\n Size/MD5 checksum: 11933302 e1859aeb3cba8f716f6358499c79a6c6\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mips.deb\n Size/MD5 checksum: 3269570 383accb42b1d5cb16ed669ebdeea3db0\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mips.deb\n Size/MD5 checksum: 141722 f94d559a76c4488fd29ca08f2a5aa2e4\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mips.deb\n Size/MD5 checksum: 27288 d44eb068d5211f6ec32a912c7158b95c\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mips.deb\n Size/MD5 checksum: 78500 cf4e68bdc3956dc3ad780ed88188667c\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mipsel.deb\n Size/MD5 checksum: 11793468 99b3eb9576dc324920f2217c9eb153ef\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mipsel.deb\n Size/MD5 checksum: 3270338 5c13a33de951afe85fed1adb014be4ab\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mipsel.deb\n Size/MD5 checksum: 141292 8fe41e9685ddbdd396fd73354867f49b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mipsel.deb\n Size/MD5 checksum: 27304 3f96914c37025c901090a86cb6a2fc07\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mipsel.deb\n Size/MD5 checksum: 78350 37448dc23ebcf8d8a7a5431d579c6670\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_powerpc.deb\n Size/MD5 checksum: 10892752 c4642646840672162e058dd2ca7a3309\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_powerpc.deb\n Size/MD5 checksum: 3263168 6e5b333f01170824eaf06b219caea6ab\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_powerpc.deb\n Size/MD5 checksum: 138680 ff10d8c364f08f8d6dbf3c01c1aa19df\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_powerpc.deb\n Size/MD5 checksum: 27296 1112ef17ba7fcd97b5e9ef96ea2a03ab\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_powerpc.deb\n Size/MD5 checksum: 75032 6083403690046238fa54fb19262f19da\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_s390.deb\n Size/MD5 checksum: 12685000 d9dcc7200f471840874dd933e327d6ea\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_s390.deb\n Size/MD5 checksum: 3270478 c7164fc9fc49387916f7d4f2d46d369f\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_s390.deb\n Size/MD5 checksum: 145108 766d10f0d52d8f877ae10291c7f092a7\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_s390.deb\n Size/MD5 checksum: 27292 5d5a68b544e284c162476096ea263eda\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_s390.deb\n Size/MD5 checksum: 82992 8648e3e4157d11344b483d3997156af0\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_sparc.deb\n Size/MD5 checksum: 11157174 d19fc8bcdc091d58abac26844734568b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_sparc.deb\n Size/MD5 checksum: 3267158 1f4f1ab1f525c261be893df79a77639b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_sparc.deb\n Size/MD5 checksum: 138358 eeb8d91cc46daf6020a7f60d17ccdb7c\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_sparc.deb\n Size/MD5 checksum: 27304 9786860d3265d8dd03c964df8afbc5ab\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_sparc.deb\n Size/MD5 checksum: 76782 7231203489126cc4f3ad6d68fa863783\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-10-20T00:00:00", "published": "2005-10-20T00:00:00", "id": "DEBIAN:DSA-868-1:0F895", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00262.html", "title": "[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:40:07", "bulletinFamily": "unix", "description": "The web browsers Mozilla and Mozilla Firefox have been updated to contain fixes for the vulnerabilities fixed in:\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2005-09-30T09:06:58", "published": "2005-09-30T09:06:58", "id": "SUSE-SA:2005:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-09/msg00022.html", "title": "remote code execution in mozilla,MozillaFirefox", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:36:35", "bulletinFamily": "unix", "description": "Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-01-26T13:53:52", "published": "2006-01-26T13:53:52", "id": "SUSE-SA:2006:004", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00012.html", "title": "remote code execution in phpMyAdmin", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:03", "bulletinFamily": "unix", "description": "Various security bugs have been fixed in Mozilla Thunderbird, bringing it up to bugfix level of version 1.0.8.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-04-25T13:15:04", "published": "2006-04-25T13:15:04", "id": "SUSE-SA:2006:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-04/msg00008.html", "type": "suse", "title": "remote code execution in MozillaThunderbird", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:02", "bulletinFamily": "unix", "description": "A buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user\u2019s privileges. (CAN-2005-2701)\n\nMats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained \u201czero-width non-joiner\u201d characters caused a browser crash, which could possibly even exploited to execute arbitrary code with the user\u2019s privileges. (CAN-2005-2702)\n\nGeorgi Guninski reported an integer overflow in the JavaScript engine. This could be exploited to run arbitrary code under some conditions. (CAN-2005-2705)\n\nPeter Zelezny discovered that URLs which are passed to Thunderbird on the command line are not correctly protected against interpretation by the shell. If Thunderbird is configured as the default handler for \u201cmailto:\u201d URLs, this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968)\n\nThis update also fixes some less critical issues which are described at <http://www.mozilla.org/security/announce/mfsa2005-58.html>. (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)\n\nThe \u201cenigmail\u201d plugin has been updated to work with the new Thunderbird and Mozilla versions.", "modified": "2005-10-11T00:00:00", "published": "2005-10-11T00:00:00", "id": "USN-200-1", "href": "https://usn.ubuntu.com/200-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2701", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2701", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2701", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with \"zero-width non-joiner\" characters.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2702", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2702", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2702", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2704", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2704", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2705", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2705", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2707", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2707", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2703", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2703", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2703", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.", "modified": "2017-10-11T01:30:00", "id": "CVE-2005-2706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2706", "published": "2005-09-23T19:03:00", "title": "CVE-2005-2706", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=300936\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#xbm)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17235](https://secuniaresearch.flexerasoftware.com/advisories/17235/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2701](https://vulners.com/cve/CVE-2005-2701)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19643", "id": "OSVDB:19643", "title": "Mozilla Browsers XBM Image Processing Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=299518\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#xblspoof)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16944](https://secuniaresearch.flexerasoftware.com/advisories/16944/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2704](https://vulners.com/cve/CVE-2005-2704)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19646", "id": "OSVDB:19646", "title": "Multiple Browser XBL <implements> Object Spoofing", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=296134\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#zero-width)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16944](https://secuniaresearch.flexerasoftware.com/advisories/16944/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\nKeyword: ZWNJ\n[CVE-2005-2702](https://vulners.com/cve/CVE-2005-2702)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19644", "id": "OSVDB:19644", "title": "Multiple Browser Unicode zero-width non- joiner Character DoS", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=306804\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#closedwin)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_04_25.html)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16944](https://secuniaresearch.flexerasoftware.com/advisories/16944/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:19823](https://secuniaresearch.flexerasoftware.com/advisories/19823/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2707](https://vulners.com/cve/CVE-2005-2707)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19649", "id": "OSVDB:19649", "title": "Multiple Browser Chrome Window Spoofing", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=303213\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#js-int)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2705](https://vulners.com/cve/CVE-2005-2705)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19647", "id": "OSVDB:19647", "title": "Multiple Browser JavaScript Engine Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=306261\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=304754\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#about)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_04_25.html)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:19823](https://secuniaresearch.flexerasoftware.com/advisories/19823/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19645](https://vulners.com/osvdb/OSVDB:19645)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2706](https://vulners.com/cve/CVE-2005-2706)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19648", "id": "OSVDB:19648", "title": "Mozilla Browsers about: Page Privilege Escalation", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=302263\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=297078\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/mfsa2005-58.html#xmlhttp)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.479350)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:170)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-868)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-866)\nSecurity Tracker: 1014954\nSecurity Tracker: 1014955\n[Secunia Advisory ID:16917](https://secuniaresearch.flexerasoftware.com/advisories/16917/)\n[Secunia Advisory ID:16919](https://secuniaresearch.flexerasoftware.com/advisories/16919/)\n[Secunia Advisory ID:16953](https://secuniaresearch.flexerasoftware.com/advisories/16953/)\n[Secunia Advisory ID:17149](https://secuniaresearch.flexerasoftware.com/advisories/17149/)\n[Secunia Advisory ID:17263](https://secuniaresearch.flexerasoftware.com/advisories/17263/)\n[Secunia Advisory ID:16944](https://secuniaresearch.flexerasoftware.com/advisories/16944/)\n[Secunia Advisory ID:16977](https://secuniaresearch.flexerasoftware.com/advisories/16977/)\n[Secunia Advisory ID:17026](https://secuniaresearch.flexerasoftware.com/advisories/17026/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:16911](https://secuniaresearch.flexerasoftware.com/advisories/16911/)\n[Secunia Advisory ID:16928](https://secuniaresearch.flexerasoftware.com/advisories/16928/)\n[Secunia Advisory ID:16918](https://secuniaresearch.flexerasoftware.com/advisories/16918/)\n[Secunia Advisory ID:16964](https://secuniaresearch.flexerasoftware.com/advisories/16964/)\n[Secunia Advisory ID:17284](https://secuniaresearch.flexerasoftware.com/advisories/17284/)\n[Secunia Advisory ID:16960](https://secuniaresearch.flexerasoftware.com/advisories/16960/)\n[Secunia Advisory ID:17014](https://secuniaresearch.flexerasoftware.com/advisories/17014/)\n[Related OSVDB ID: 19643](https://vulners.com/osvdb/OSVDB:19643)\n[Related OSVDB ID: 19644](https://vulners.com/osvdb/OSVDB:19644)\n[Related OSVDB ID: 19649](https://vulners.com/osvdb/OSVDB:19649)\n[Related OSVDB ID: 19646](https://vulners.com/osvdb/OSVDB:19646)\n[Related OSVDB ID: 19647](https://vulners.com/osvdb/OSVDB:19647)\n[Related OSVDB ID: 19648](https://vulners.com/osvdb/OSVDB:19648)\nRedHat RHSA: RHSA-2005:785\nRedHat RHSA: RHSA-2005:789\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0011.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00231.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-200-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-186-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050903-02-U.asc\nKeyword: SCOSA-2005.49\n[CVE-2005-2703](https://vulners.com/cve/CVE-2005-2703)\n", "modified": "2005-09-22T05:31:37", "published": "2005-09-22T05:31:37", "href": "https://vulners.com/osvdb/OSVDB:19645", "id": "OSVDB:19645", "title": "Multiple Browser XMLHttpRequest Header Spoofing", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "description": "The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com\r\n- - promotion\r\n\r\nThe SecuriTeam alerts list - Free, Accurate, Independent.\r\n\r\nGet your security news from a reliable source.\r\nhttp://www.securiteam.com/mailinglist.html \r\n\r\n- - - - - - - - -\r\n\r\n\r\n\r\n Gecko based browsers Stack Corruption\r\n------------------------------------------------------------------------\r\n\r\n\r\nSUMMARY\r\n\r\nLack of proper length and value checking allow attacker to cause a buffer \r\noverflow and execute arbitrary code or cause a DoS using Gecko based web \r\nbrowsers.\r\n\r\nDETAILS\r\n\r\nVulnerable Systems:\r\n * Mozilla firefox 1.0.6 and prior\r\n * Netscape Browser version 8.0.3.3\r\n * K-Meleon Browser version 0.9\r\n\r\nImmune Systems:\r\n * Mozilla firefox 1.0.7\r\n\r\nStack Corruption:\r\nThe problem existed in "zero-width non-joiner" sequence of unicode chars \r\nthat uses Arabic shaping style. Because the code did not checked for \r\nbuffer length before manipulating the given text. On a crafted content, it \r\nis possible to cause the buffer to be twice the size the actual data, and \r\nmemory allocated for the buffer itself.\r\n\r\nProof of Concept:\r\n< html>\r\n< body>\r\n& #8204;& #8204;&# 8204;& #8204;& #8204;& #8204;& #8204;& #8204;& #1742;\r\n& #8204;& #8204;& #1740;& #8204;\r\n< /body>\r\n< /html>\r\n\r\nCVE Information:\r\n <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702> \r\nCAN-2005-2702\r\n\r\n\r\nADDITIONAL INFORMATION\r\n\r\nThe information has been provided by <mailto:juha-matti.laurio@netti.fi> \r\nJuha-Matti Laurio .\r\nThe original article can be found at: \r\n<http://www.mozilla.org/security/announce/mfsa2005-58.html> \r\nhttp://www.mozilla.org/security/announce/mfsa2005-58.html\r\nThe bug report can be found at: \r\n<https://bugzilla.mozilla.org/show_bug.cgi?id=296134> \r\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=296134\r\n\r\n\r\n\r\n======================================== \r\n\r\n\r\nThis bulletin is sent to members of the SecuriTeam mailing list. \r\nTo unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com \r\nIn order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com \r\n\r\n\r\n==================== \r\n==================== \r\n\r\nDISCLAIMER: \r\nThe information in this bulletin is provided "AS IS" without warranty of any kind. \r\nIn no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. \r\n\r\n\r\n\r\n", "modified": "2005-09-26T00:00:00", "published": "2005-09-26T00:00:00", "id": "SECURITYVULNS:DOC:9790", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9790", "title": "[NEWS] Gecko based browsers Stack Corruption", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
