ID RHSA-2008:0208 Type redhat Reporter RedHat Modified 2018-05-11T23:26:55
Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)
Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)
All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.
{"centos": [{"lastseen": "2017-10-03T18:24:51", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0208\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause SeaMonkey to crash\r\nor, potentially, execute arbitrary code as the user running SeaMonkey.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nSeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll SeaMonkey users should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014785.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014787.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014788.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014789.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014791.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014792.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014794.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0208.html", "modified": "2008-03-29T17:25:08", "published": "2008-03-28T11:28:19", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014785.html", "id": "CESA-2008:0208", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0208-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause SeaMonkey to crash\r\nor, potentially, execute arbitrary code as the user running SeaMonkey.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nSeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll SeaMonkey users should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014784.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-03-28T04:51:58", "published": "2008-03-28T04:51:58", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014784.html", "id": "CESA-2008:0208-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:04", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0209\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral flaws were found in the processing of some malformed HTML mail\r\ncontent. An HTML mail message containing such malicious content could cause\r\nThunderbird to crash or, potentially, execute arbitrary code as the user\r\nrunning Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\r\nCVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. An HTML\r\nmail message containing specially-crafted content could, potentially, trick\r\na user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nNote: JavaScript support is disabled by default in Thunderbird; the above\r\nissues are not exploitable unless JavaScript is enabled.\r\n\r\nAll Thunderbird users should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014816.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014817.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0209.html", "modified": "2008-04-12T07:43:53", "published": "2008-04-10T17:03:24", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/014807.html", "id": "CESA-2008:0209", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0207\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause Firefox to crash or,\r\npotentially, execute arbitrary code as the user running Firefox.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll Firefox users should upgrade to these updated packages, which contain\r\nbackported patches that correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014778.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014779.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014780.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014781.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014782.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014783.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014790.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014793.html\n\n**Affected packages:**\nfirefox\nfirefox-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0207.html", "modified": "2008-03-29T09:18:01", "published": "2008-03-27T14:36:53", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014778.html", "id": "CESA-2008:0207", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:13", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2019-01-02T00:00:00", "published": "2008-03-28T00:00:00", "id": "REDHAT-RHSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31695", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0208. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31695);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0208\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0208\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.14.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-devel-1.0.9-15.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:28", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0208 :\n\nUpdated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2019-01-02T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67676", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0208 and \n# Oracle Linux Security Advisory ELSA-2008-0208 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67676);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0208 :\n\nUpdated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000553.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000554.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:12", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2018-11-28T00:00:00", "published": "2008-03-28T00:00:00", "id": "CENTOS_RHSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31685", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0208)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0208 and \n# CentOS Errata and Security Advisory 2008:0208 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31685);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014785.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ede1fec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eab8fa86\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014787.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e19014ec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014788.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?563a58d7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014789.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90e79e58\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f54bb20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:19", "bulletinFamily": "scanner", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1534.wml,\ndsa-1535.wml\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.", "modified": "2018-11-28T00:00:00", "published": "2008-05-13T00:00:00", "id": "DEBIAN_DSA-1574.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32308", "title": "Debian DSA-1574-1 : icedove - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1574. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32308);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1574\");\n\n script_name(english:\"Debian DSA-1574-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1534.wml,\ndsa-1535.wml\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1574\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"icedove\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:15", "bulletinFamily": "scanner", "description": "Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2018-11-28T00:00:00", "published": "2008-04-17T00:00:00", "id": "CENTOS_RHSA-2008-0209.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31946", "title": "CentOS 4 / 5 : thunderbird (CESA-2008:0209)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0209 and \n# CentOS Errata and Security Advisory 2008:0209 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31946);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0209\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2008:0209)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32391eb1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b48cbb9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44768f91\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1653d2fd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?239e66bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"thunderbird-1.5.0.12-10.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-1.5.0.12-11.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:13", "bulletinFamily": "scanner", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape\ninternet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.", "modified": "2018-11-10T00:00:00", "published": "2008-03-31T00:00:00", "id": "DEBIAN_DSA-1534.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31711", "title": "Debian DSA-1534-1 : iceape - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1534. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31711);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_xref(name:\"DSA\", value:\"1534\");\n\n script_name(english:\"Debian DSA-1534-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape\ninternet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"iceape\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-browser\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-calendar\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-chatzilla\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dbg\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dev\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dom-inspector\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-gnome-support\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-mailnews\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-browser\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-calendar\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-chatzilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dev\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dom-inspector\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-js-debugger\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-mailnews\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-psm\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:13", "bulletinFamily": "scanner", "description": "The Mozilla Foundation reports of multiple security issues in Firefox,\nSeaMonkey, and Thunderbird. Several of these issues can probably be\nused to run arbitrary code with the privilege of the user running the\nprogram.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via\nLiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption\n(rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code\nexecution", "modified": "2018-12-05T00:00:00", "published": "2008-03-31T00:00:00", "id": "FREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31714", "title": "FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31714);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Foundation reports of multiple security issues in Firefox,\nSeaMonkey, and Thunderbird. Several of these issues can probably be\nused to run arbitrary code with the privilege of the user running the\nprogram.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via\nLiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption\n(rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code\nexecution\"\n );\n # https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe5374e1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<2.0.0.13,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox-devel<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey-devel>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<2.0.0.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<2.0.0.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:12", "bulletinFamily": "scanner", "description": "Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the processing of some malformed web content. A web page\ncontaining such malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several\nflaws were found in the display of malformed web content. A web page\ncontaining specially crafted content could, potentially, trick a\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\nCVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to\nthese updated packages, which correct these issues, and are rebuilt\nagainst the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2008-03-28T00:00:00", "id": "FEDORA_2008-2662.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31689", "title": "Fedora 7 : Miro-1.1.2-2.fc7 / chmsee-1.0.0-1.30.fc7 / devhelp-0.13-15.fc7 / epiphany-2.18.3-8.fc7 / etc (2008-2662)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2662.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31689);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"FEDORA\", value:\"2008-2662\");\n\n script_name(english:\"Fedora 7 : Miro-1.1.2-2.fc7 / chmsee-1.0.0-1.30.fc7 / devhelp-0.13-15.fc7 / epiphany-2.18.3-8.fc7 / etc (2008-2662)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the processing of some malformed web content. A web page\ncontaining such malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several\nflaws were found in the display of malformed web content. A web page\ncontaining specially crafted content could, potentially, trick a\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\nCVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to\nthese updated packages, which correct these issues, and are rebuilt\nagainst the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438730\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a60985bb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008892.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e698c52e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a347b664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008894.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a11951d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008895.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e659ac4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008896.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fef4a278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008897.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa8742b5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008898.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?907312be\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a43e3f49\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008900.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afdb0626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008901.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef43dad0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008902.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30c744a4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4afe99c2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008904.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9269017c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liferea\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvrml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"Miro-1.1.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"chmsee-1.0.0-1.30.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"devhelp-0.13-15.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-2.18.3-8.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-extensions-2.18.3-8\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"firefox-2.0.0.13-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"galeon-2.0.3-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gnome-python2-extras-2.14.3-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"kazehakase-0.5.3-5.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"liferea-1.4.13-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"openvrml-0.16.7-4.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"ruby-gnome2-0.16.0-22.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"yelp-2.18.1-10.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / chmsee / devhelp / epiphany / epiphany-extensions / firefox / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:18", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird is affected by various security\nissues :\n\n - A series of vulnerabilities exist that allow for\n JavaScript privilege escalation and arbitrary code\n execution.\n\n - Several stability bugs exist leading to crashes which,\n in some cases, show traces of memory corruption.", "modified": "2018-08-10T00:00:00", "published": "2008-05-06T00:00:00", "id": "MOZILLA_THUNDERBIRD_20014.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32134", "title": "Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(32134);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\",\n \"CVE-2008-1236\", \"CVE-2008-1237\");\n\n script_name(english:\"Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is affected by various security\nissues :\n\n - A series of vulnerabilities exist that allow for\n JavaScript privilege escalation and arbitrary code\n execution.\n\n - Several stability bugs exist leading to crashes which,\n in some cases, show traces of memory corruption.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Mozilla Thunderbird 2.0.0.14 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/03/25\");\n\n script_cvs_date(\"Date: 2018/08/10 18:07:08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.14', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:18", "bulletinFamily": "scanner", "description": "Various flaws were discovered in the JavaScript engine. If a user had\nJavaScript enabled and were tricked into opening a malicious email, an\nattacker could escalate privileges within Thunderbird, perform\ncross-site scripting attacks and/or execute arbitrary code with the\nuser's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Thunderbird which could lead to\ncrashes and memory corruption. If a user had JavaScript enabled and\nwere tricked into opening a malicious email, an attacker may be able\nto execute arbitrary code with the user's privileges. (CVE-2008-1236,\nCVE-2008-1237).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2008-05-09T00:00:00", "id": "UBUNTU_USN-605-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32185", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-605-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-605-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32185);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n script_xref(name:\"USN\", value:\"605-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-605-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws were discovered in the JavaScript engine. If a user had\nJavaScript enabled and were tricked into opening a malicious email, an\nattacker could escalate privileges within Thunderbird, perform\ncross-site scripting attacks and/or execute arbitrary code with the\nuser's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Thunderbird which could lead to\ncrashes and memory corruption. If a user had JavaScript enabled and\nwere tricked into opening a malicious email, an attacker may be able\nto execute arbitrary code with the user's privileges. (CVE-2008-1236,\nCVE-2008-1237).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/605-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird-gnome-support\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird-gnome-support\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-thunderbird / mozilla-thunderbird-dev / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:31", "bulletinFamily": "unix", "description": "[1.0.9-15.el4.0.1]\n- Add mozilla-oracle-default-bookmarks.html, mozilla-oracle-default-prefs.js,\n and mozilla-home-page.patch with Oracle default URLs\n[1.0.9-15.el4]\n- Fix SMTP regression\n[1.0.9-14.el4]\n- Don't deny for native wrappers in an XBL Binding\n[1.0.9-13.el4]\n- Fix assertions in script\n[1.0.9-12.el4]\n- Update to latest snapshot of Mozilla 1.8.0 branch\n- Add patches for backported fixes from 1.8.1.13\n[1.0.9-11.el4]\n- Added workaround for #238893\n- added fix for #207480 - Seamonkey 'Update Notifications' \n incorrectly enabled by default\n[1.0.9-10.el4]\n- Updated patch for mozbz#413250", "modified": "2008-03-28T00:00:00", "published": "2008-03-28T00:00:00", "id": "ELSA-2008-0208", "href": "http://linux.oracle.com/errata/ELSA-2008-0208.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:22", "bulletinFamily": "unix", "description": "[1.5.0.12-14.0.1]\n- Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js\n[1.5.0.12-14]\n- Fix assertions from script\n[1.5.0.12-13]\n- Ensure wrappers are properly disposed of\n[1.5.0.12-12]\n- Update to latest snapshot of Mozilla 1.8.0 branch\n- Add patches for backported fixes from 1.8.1.13", "modified": "2008-03-27T00:00:00", "published": "2008-03-27T00:00:00", "id": "ELSA-2008-0207", "href": "http://linux.oracle.com/errata/ELSA-2008-0207.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:47", "bulletinFamily": "unix", "description": "[1.5.0.12-10.el4.0.1]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild\n[1.5.0.12-10]\n- Regression fixes\n[1.5.0.12-9]\n- Update to latest snapshot of Mozilla 1.8.0 branch\n- Add patches for backported fixes from 1.8.1.13", "modified": "2008-04-03T00:00:00", "published": "2008-04-03T00:00:00", "id": "ELSA-2008-0209", "href": "http://linux.oracle.com/errata/ELSA-2008-0209.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:15", "bulletinFamily": "scanner", "description": "Check for the Version of openvrml", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860768", "id": "OPENVAS:860768", "title": "Fedora Update for openvrml FEDORA-2008-2682", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvrml FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openvrml on Fedora 8\";\ntag_insight = \"OpenVRML is a VRML/X3D support library, including a runtime and facilities\n for reading and displaying VRML and X3D models.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00588.html\");\n script_id(860768);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for openvrml FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of openvrml\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvrml\", rpm:\"openvrml~0.17.5~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:41", "bulletinFamily": "scanner", "description": "Check for the Version of yelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860490", "id": "OPENVAS:860490", "title": "Fedora Update for yelp FEDORA-2008-2662", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 7\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00565.html\");\n script_id(860490);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for yelp FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~10.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:14", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880287", "id": "OPENVAS:1361412562310880287", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880287\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:02", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880112", "id": "OPENVAS:1361412562310880112", "title": "CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880112\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:02", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880287", "id": "OPENVAS:880287", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\");\n script_id(880287);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:40", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880027", "id": "OPENVAS:1361412562310880027", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014781.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880027\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:00", "bulletinFamily": "scanner", "description": "Check for the Version of kazehakase", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860259", "id": "OPENVAS:860259", "title": "Fedora Update for kazehakase FEDORA-2008-2662", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly & fully customizable.\n\n This package uses Gecko for HTML rendering engine.\n If you want to use WebKit for HTML rendering engine, install\n "kazehakase-webkit" rpm instead.\";\n\ntag_affected = \"kazehakase on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00561.html\");\n script_id(860259);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.3~5.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:35", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880000", "id": "OPENVAS:1361412562310880000", "title": "CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014784.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880000\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880088", "id": "OPENVAS:880088", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\");\n script_id(880088);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880201", "id": "OPENVAS:880201", "title": "CentOS Update for firefox CESA-2008:0207 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014780.html\");\n script_id(880201);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:58", "bulletinFamily": "unix", "description": "New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0,\n12.1, and -current to fix security issues, including crashes that can corrupt\nmemory, as well as a JavaScript privilege escalation and arbitrary code\nexecution flaw.\n\nMore details about these issues may be found here:\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz:\n Upgraded to thunderbird-2.0.0.14.\n This upgrade fixes some more security bugs.\n For more information, see:\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n6b7959fe16dc8ffe11e8ed9fcdfeb8b9 mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nSlackware 11.0 package:\n6b7959fe16dc8ffe11e8ed9fcdfeb8b9 mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nSlackware 12.0 package:\n6b7959fe16dc8ffe11e8ed9fcdfeb8b9 mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nSlackware 12.1 package:\n6b7959fe16dc8ffe11e8ed9fcdfeb8b9 mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\nSlackware -current package:\n6b7959fe16dc8ffe11e8ed9fcdfeb8b9 mozilla-thunderbird-2.0.0.14-i686-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-thunderbird-2.0.0.14-i686-1.tgz", "modified": "2008-05-07T20:53:40", "published": "2008-05-07T20:53:40", "id": "SSA-2008-128-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313", "title": "mozilla-thunderbird", "type": "slackware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:57", "bulletinFamily": "unix", "description": "Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user\u2019s privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user\u2019s privileges. (CVE-2008-1236, CVE-2008-1237)", "modified": "2008-05-06T00:00:00", "published": "2008-05-06T00:00:00", "id": "USN-605-1", "href": "https://usn.ubuntu.com/605-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:03", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause Firefox to crash or,\r\npotentially, execute arbitrary code as the user running Firefox.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll Firefox users should upgrade to these updated packages, which contain\r\nbackported patches that correct these issues.", "modified": "2017-09-08T12:20:22", "published": "2008-03-26T04:00:00", "id": "RHSA-2008:0207", "href": "https://access.redhat.com/errata/RHSA-2008:0207", "type": "redhat", "title": "(RHSA-2008:0207) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:53", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral flaws were found in the processing of some malformed HTML mail\r\ncontent. An HTML mail message containing such malicious content could cause\r\nThunderbird to crash or, potentially, execute arbitrary code as the user\r\nrunning Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\r\nCVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. An HTML\r\nmail message containing specially-crafted content could, potentially, trick\r\na user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nNote: JavaScript support is disabled by default in Thunderbird; the above\r\nissues are not exploitable unless JavaScript is enabled.\r\n\r\nAll Thunderbird users should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:50:52", "published": "2008-04-03T04:00:00", "id": "RHSA-2008:0209", "href": "https://access.redhat.com/errata/RHSA-2008:0209", "type": "redhat", "title": "(RHSA-2008:0209) Moderate: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:35", "bulletinFamily": "unix", "description": "\nThe Mozilla Foundation reports of multiple security issues\n\t in Firefox, Seamonkey, and Thunderbird. Several of these\n\t issues can probably be used to run arbitrary code with the\n\t privilege of the user running the program.\n\n\nMFSA 2008-19\n\t XUL popup spoofing variant (cross-tab popups)\nMFSA 2008-18\n\t Java socket connection to any local port via LiveConnect\nMFSA 2008-17\n\t Privacy issue with SSL Client Authentication\nMFSA 2008-16\n\t HTTP Referrer spoofing with malformed URLs\nMFSA 2008-15\n\t Crashes with evidence of memory corruption (rv:1.8.1.13)\nMFSA 2008-14\n\t JavaScript privilege escalation and arbitrary code execution\n\n\n", "modified": "2009-12-12T00:00:00", "published": "2008-03-26T00:00:00", "id": "12B336C6-FE36-11DC-B09C-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:44:43", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 28448\r\nCVE(CAN) ID: CVE-2008-1241,CVE-2008-1240,CVE-2007-4879,CVE-2008-1238,CVE-2008-1236,CVE-2008-1237,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235\r\n\r\nFirefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002\r\n\r\nFirefox\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u5141\u8bb8\u6076\u610f\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6267\u884c\u6b3a\u9a97\u653b\u51fb\u6216\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\u3002\u7531\u4e8e\u4ee3\u7801\u5171\u4eab\uff0cThunderbird\u548cSeaMonkey\u4e5f\u53d7\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\r\n\r\n1) XPCNativeWrappers\u8c03\u7528\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7setTimeout()\u8c03\u7528\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610fJavascript\u4ee3\u7801\u3002\r\n\r\n2) Javascript\u5f15\u64ce\u4e2d\u7684\u5404\u79cd\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5185\u5b58\u7834\u574f\uff0c\u5141\u8bb8\u7528\u6237\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n3) \u5982\u679c\u5411URL\u53d1\u9001\u8bf7\u6c42\u7684HTTP Referer:\u5934\u7684Basic Authentication\u51ed\u636e\u4e2d\u7528\u6237\u540d\u4e3a\u7a7a\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u7ed5\u8fc7\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u9632\u62a4\u3002\r\n\r\n4) \u5728\u521b\u5efa\u5230\u8bf7\u6c42\u4e86SSL\u5ba2\u6237\u7aef\u8ba4\u8bc1\u7684Web\u670d\u52a1\u5668\u7684\u8fde\u63a5\u65f6\uff0cFirefox\u63d0\u4f9b\u4e86\u4e4b\u524d\u914d\u7f6e\u7684\u79c1\u6709SSL\u8bc1\u4e66\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002 \r\n\r\n5) jar:\u534f\u8bae\u5904\u7406\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u521b\u5efa\u5230\u672c\u5730\u673a\u5668\u4e0a\u4efb\u610f\u7aef\u53e3\u7684\u8fde\u63a5\u3002\r\n\r\n6) \u5728\u663e\u793aXUL\u5f39\u51fa\u7a97\u53e3\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u88ab\u5229\u7528\u9690\u85cf\u7a97\u53e3\u8fb9\u754c\uff0c\u8fd9\u6709\u52a9\u4e8e\u9493\u9c7c\u653b\u51fb\u3002\r\n\r\n\n\nMozilla Firefox <= 2.0.0.12\r\nMozilla Thunderbird <= 2.0.0.12\r\nMozilla SeaMonkey <= 1.1.8\n Mozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mozilla.org/ target=_blank>http://www.mozilla.org/</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0207-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0207-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0207.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0207.html</a>", "modified": "2008-03-31T00:00:00", "published": "2008-03-31T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3105", "id": "SSV:3105", "title": "Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13\u7248\u672c\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n http://pseudo-flaw.net/r/referer-spoofing-with-at/\r\n\r\nhttps://bugzilla.mozilla.org/attachment.cgi?id=291347 \r\nhttps://bugzilla.mozilla.org/attachment.cgi?id=291348\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-3105"}]}