{"id": "RHSA-2012:0080", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:0080) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the premature\nnotification of AttributeChildRemoved, a malicious script could possibly\nuse this flaw to cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An HTML\nmail message containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet Language\nTransformations (XSLT). An HTML mail message containing a malicious SVG\nimage file could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. It could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 3.1.18. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-01-31T05:00:00", "modified": "2018-06-06T20:24:30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2012:0080", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3659", "CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0449"], "lastseen": "2020-08-31T00:07:46", "viewCount": 1, "enchantments": {"score": {"value": 9.0, "vector": "NONE", "modified": "2020-08-31T00:07:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0442", "CVE-2011-3670", "CVE-2012-0449", "CVE-2011-3659"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0085", "ELSA-2012-0084", "ELSA-2012-0079", "ELSA-2012-0080"]}, {"type": "nessus", "idList": ["SUSE_11_4_MOZILLA-JS192-120201.NASL", "REDHAT-RHSA-2012-0079.NASL", "MACOSX_THUNDERBIRD_3_1_18.NASL", "SL_20120131_THUNDERBIRD_ON_SL6_X.NASL", "SUSE_11_4_MOZILLATHUNDERBIRD-120201.NASL", "MOZILLA_FIREFOX_3626.NASL", "SL_20120131_FIREFOX_ON_SL4_X.NASL", "CENTOS_RHSA-2012-0080.NASL", "ORACLELINUX_ELSA-2012-0080.NASL", "REDHAT-RHSA-2012-0080.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881135", "OPENVAS:881236", "OPENVAS:1361412562310123999", "OPENVAS:1361412562310870598", "OPENVAS:1361412562310881150", "OPENVAS:1361412562310881236", "OPENVAS:1361412562310122000", "OPENVAS:881210", "OPENVAS:1361412562310881210", "OPENVAS:870598"]}, {"type": "centos", "idList": ["CESA-2012:0084", "CESA-2012:0085", "CESA-2012:0080", "CESA-2012:0079"]}, {"type": "ubuntu", "idList": ["USN-1353-1", "USN-1350-1"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0198-1", "OPENSUSE-SU-2012:0234-1", "SUSE-SU-2012:0221-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0085", "RHSA-2012:0079", "RHSA-2012:0084"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2402-1:5969D", "DEBIAN:DSA-2400-1:C46D2", "DEBIAN:DSA-2406-1:4971C"]}, {"type": "freebsd", "idList": ["0A9E2B72-4CB7-11E1-9146-14DAE9EBCF89"]}], "modified": "2020-08-31T00:07:46", "rev": 2}, "vulnersScore": 9.0}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "thunderbird", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-3.1.18-1.el6_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-debuginfo-3.1.18-1.el6_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "thunderbird", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-3.1.18-1.el6_2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "thunderbird", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-3.1.18-1.el6_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-debuginfo-3.1.18-1.el6_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "thunderbird", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-3.1.18-1.el6_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "thunderbird", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-3.1.18-1.el6_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageVersion": "3.1.18-1.el6_2", "packageFilename": "thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T05:51:06", "description": "Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.", "edition": 6, "cvss3": {}, "published": "2012-02-01T16:55:00", "title": "CVE-2011-3670", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3670"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2011-3670", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3670", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:06", "description": "Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.", "edition": 7, "cvss3": {}, "published": "2012-02-01T16:55:00", "title": "CVE-2011-3659", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3659"], "modified": "2020-08-28T13:10:00", "cpe": ["cpe:/o:suse:linux_enterprise_software_development_kit:10", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_desktop:10", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2011-3659", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3659", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:44", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 7, "cvss3": {}, "published": "2012-02-01T16:55:00", "title": "CVE-2012-0442", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0442"], "modified": "2020-08-28T13:11:00", "cpe": ["cpe:/o:suse:linux_enterprise_software_development_kit:10", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_desktop:10", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2012-0442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0442", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:44", "description": "Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.", "edition": 7, "cvss3": {}, "published": "2012-02-01T16:55:00", "title": "CVE-2012-0449", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0449"], "modified": "2020-08-28T13:14:00", "cpe": ["cpe:/o:suse:linux_enterprise_software_development_kit:10", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_desktop:10", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2012-0449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0449", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2020-08-31T03:42:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "[3.1.18-1.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.18-1]\n- Update to 3.1.18", "edition": 5, "modified": "2012-01-31T00:00:00", "published": "2012-01-31T00:00:00", "id": "ELSA-2012-0080", "href": "http://linux.oracle.com/errata/ELSA-2012-0080.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "firefox:\n[3.6.26-1.0.1.el6_2]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n[3.6.26-1]\n- Update to 3.6.26\nxulrunner:\n[1.9.2.26-1.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.26-1]\n- Update to 1.9.2.26", "edition": 4, "modified": "2012-01-31T00:00:00", "published": "2012-01-31T00:00:00", "id": "ELSA-2012-0079", "href": "http://linux.oracle.com/errata/ELSA-2012-0079.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T03:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3670"], "description": "[1.0.9-78.0.1.el4]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-78.el4]\n- Added fixes from 1.9.2.26", "edition": 5, "modified": "2012-02-01T00:00:00", "published": "2012-02-01T00:00:00", "id": "ELSA-2012-0084", "href": "http://linux.oracle.com/errata/ELSA-2012-0084.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T03:43:34", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3670"], "description": "[1.5.0.12-46.0.1.el4]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-46]\n- Added fixes from 1.9.2.26", "edition": 5, "modified": "2012-02-01T00:00:00", "published": "2012-02-01T00:00:00", "id": "ELSA-2012-0085", "href": "http://linux.oracle.com/errata/ELSA-2012-0085.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-08-31T03:44:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0080\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the premature\nnotification of AttributeChildRemoved, a malicious script could possibly\nuse this flaw to cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An HTML\nmail message containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet Language\nTransformations (XSLT). An HTML mail message containing a malicious SVG\nimage file could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. It could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 3.1.18. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030444.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0080.html", "edition": 4, "modified": "2012-02-01T11:56:07", "published": "2012-02-01T11:56:07", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030444.html", "id": "CESA-2012:0080", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:38:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0079\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed nsDOMAttribute\nchild nodes. In certain circumstances, due to the premature notification\nof AttributeChildRemoved, a malicious script could possibly use this flaw\nto cause Firefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A web\npage containing a malicious Ogg Vorbis media file could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector Graphics\n(SVG) image files that contained eXtensible Style Sheet Language\nTransformations (XSLT). A web page containing a malicious SVG image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.26. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.26, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030442.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030443.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030445.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030442.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030443.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0079.html", "edition": 6, "modified": "2012-02-01T11:57:32", "published": "2012-02-01T03:34:27", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030442.html", "id": "CESA-2012:0079", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T03:42:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3670"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0084\n\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\nchat client, and HTML editor.\n\nA flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2012-0442)\n\nThe same-origin policy in SeaMonkey treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030447.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0084.html", "edition": 4, "modified": "2012-02-01T12:34:44", "published": "2012-02-01T12:34:44", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030447.html", "id": "CESA-2012:0084", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T03:43:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3670"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0085\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in the processing of malformed content. An HTML mail\nmessage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-0442)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3670 issue cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nIt could be exploited another way in Thunderbird, for example, when viewing\nthe full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030446.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030448.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0085.html", "edition": 4, "modified": "2012-02-01T12:48:17", "published": "2012-02-01T12:31:49", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030446.html", "id": "CESA-2012:0085", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-09-01T06:26:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881210", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0080 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0080 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018406.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881210\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:46:02 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0080\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0080 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A use-after-free flaw was found in the way Thunderbird removed\n nsDOMAttribute child nodes. In certain circumstances, due to the premature\n notification of AttributeChildRemoved, a malicious script could possibly\n use this flaw to cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2011-3659)\n\n Several flaws were found in the processing of malformed content. An HTML\n mail message containing malicious content could cause Thunderbird to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-0442)\n\n A flaw was found in the way Thunderbird parsed certain Scalable Vector\n Graphics (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). An HTML mail message containing a malicious SVG\n image file could cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-0449)\n\n The same-origin policy in Thunderbird treated http://example.com and http://[example.com]\n as interchangeable. A malicious script could possibly\n use this flaw to gain access to sensitive information (such as a client's\n IP and user e-mail address, or httpOnly cookies) that may be included in\n HTTP proxy error replies, generated in response to invalid URLs using\n square brackets. (CVE-2011-3670)\n\n Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. It could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Thunderbird 3.1.18. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Thunderbird users should upgrade to these updated packages, which\n contain Thunderbird version 3.1.18, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-01T06:15:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "Oracle Linux Local Security Checks ELSA-2012-0080", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123999", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0080.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123999\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0080\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0080 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0080\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0080.html\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "Check for the Version of thunderbird", "modified": "2017-12-28T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881210", "href": "http://plugins.openvas.org/nasl.php?oid=881210", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0080 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0080 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A use-after-free flaw was found in the way Thunderbird removed\n nsDOMAttribute child nodes. In certain circumstances, due to the premature\n notification of AttributeChildRemoved, a malicious script could possibly\n use this flaw to cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2011-3659)\n \n Several flaws were found in the processing of malformed content. An HTML\n mail message containing malicious content could cause Thunderbird to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-0442)\n \n A flaw was found in the way Thunderbird parsed certain Scalable Vector\n Graphics (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). An HTML mail message containing a malicious SVG\n image file could cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-0449)\n \n The same-origin policy in Thunderbird treated <a rel= &qt nofollow &qt href= &qt http://example.com &qt >http://example.com</a> and\n <a rel= &qt nofollow &qt href= &qt http://[example.com &qt >http://[example.com</a>] as interchangeable. A malicious script could possibly\n use this flaw to gain access to sensitive information (such as a client's\n IP and user e-mail address, or httpOnly cookies) that may be included in\n HTTP proxy error replies, generated in response to invalid URLs using\n square brackets. (CVE-2011-3670)\n \n Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. It could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Thunderbird 3.1.18. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain Thunderbird version 3.1.18, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018406.html\");\n script_id(881210);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:46:02 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0080\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0080 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "Check for the Version of thunderbird", "modified": "2018-01-10T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870598", "href": "http://plugins.openvas.org/nasl.php?oid=870598", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:0080-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:0080-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A use-after-free flaw was found in the way Thunderbird removed\n nsDOMAttribute child nodes. In certain circumstances, due to the premature\n notification of AttributeChildRemoved, a malicious script could possibly\n use this flaw to cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2011-3659)\n\n Several flaws were found in the processing of malformed content. An HTML\n mail message containing malicious content could cause Thunderbird to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-0442)\n\n A flaw was found in the way Thunderbird parsed certain Scalable Vector\n Graphics (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). An HTML mail message containing a malicious SVG\n image file could cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-0449)\n\n The same-origin policy in Thunderbird treated http://example.com and\n http://[example.com] as interchangeable. A malicious script could possibly\n use this flaw to gain access to sensitive information (such as a client's\n IP and user e-mail address, or httpOnly cookies) that may be included in\n HTTP proxy error replies, generated in response to invalid URLs using\n square brackets. (CVE-2011-3670)\n\n Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. It could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Thunderbird 3.1.18. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Thunderbird users should upgrade to these updated packages, which\n contain Thunderbird version 3.1.18, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00006.html\");\n script_id(870598);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:31:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0080-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:0080-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~3.1.18~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-09-01T06:20:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870598", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:0080-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:0080-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870598\");\n script_version(\"$Revision: 12382 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:51:56 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:31:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0080-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:0080-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A use-after-free flaw was found in the way Thunderbird removed\n nsDOMAttribute child nodes. In certain circumstances, due to the premature\n notification of AttributeChildRemoved, a malicious script could possibly\n use this flaw to cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2011-3659)\n\n Several flaws were found in the processing of malformed content. An HTML\n mail message containing malicious content could cause Thunderbird to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-0442)\n\n A flaw was found in the way Thunderbird parsed certain Scalable Vector\n Graphics (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). An HTML mail message containing a malicious SVG\n image file could cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-0449)\n\n The same-origin policy in Thunderbird treated http://example.com and\n http://[example.com] as interchangeable. A malicious script could possibly\n use this flaw to gain access to sensitive information (such as a client's\n IP and user e-mail address, or httpOnly cookies) that may be included in\n HTTP proxy error replies, generated in response to invalid URLs using\n square brackets. (CVE-2011-3670)\n\n Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. It could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Thunderbird 3.1.18. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Thunderbird users should upgrade to these updated packages, which\n contain Thunderbird version 3.1.18, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~3.1.18~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Oracle Linux Local Security Checks ELSA-2012-0079", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122000", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0079", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0079.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122000\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0079\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0079 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0079\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0079.html\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~1.0.1.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~1.0.1.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~1.0.1.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Check for the Version of firefox", "modified": "2017-12-26T00:00:00", "published": "2012-02-01T00:00:00", "id": "OPENVAS:870535", "href": "http://plugins.openvas.org/nasl.php?oid=870535", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0079-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0079-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A use-after-free flaw was found in the way Firefox removed nsDOMAttribute\n child nodes. In certain circumstances, due to the premature notification\n of AttributeChildRemoved, a malicious script could possibly use this flaw\n to cause Firefox to crash or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-3659)\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-0442)\n\n A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web\n page containing a malicious Ogg Vorbis media file could cause Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2012-0444)\n\n A flaw was found in the way Firefox parsed certain Scalable Vector Graphics\n (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). A web page containing a malicious SVG image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2012-0449)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.26. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.26, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00005.html\");\n script_id(870535);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:35:58 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\",\n \"CVE-2012-0449\");\n script_xref(name: \"RHSA\", value: \"2012:0079-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0079-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.26~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.26~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.26~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:19:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1353-1", "modified": "2017-12-01T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:840888", "href": "http://plugins.openvas.org/nasl.php?oid=840888", "type": "openvas", "title": "Ubuntu Update for xulrunner-1.9.2 USN-1353-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1353_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for xulrunner-1.9.2 USN-1353-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jesse Ruderman and Bob Clary discovered memory safety issues affecting the\n Gecko Browser engine. If the user were tricked into opening a specially\n crafted page, an attacker could exploit these to cause a denial of service\n via application crash, or potentially execute code with the privileges of\n the user invoking Xulrunner. (CVE-2012-0442)\n\n It was discovered that the Gecko Browser engine did not properly handle\n node removal in the DOM. If the user were tricked into opening a specially\n crafted page, an attacker could exploit this to cause a denial of service\n via application crash, or potentially execute code with the privileges of\n the user invoking Xulrunner. (CVE-2011-3659)\n\n It was discovered that memory corruption could occur during the decoding of\n Ogg Vorbis files. If the user were tricked into opening a specially crafted\n file, an attacker could exploit this to cause a denial of service via\n application crash, or potentially execute code with the privileges of the\n user invoking Xulrunner. (CVE-2012-0444)\n\n Nicolas Gregoire and Aki Helin discovered that when processing a malformed\n embedded XSLT stylesheet, Xulrunner can crash due to memory corruption. If\n the user were tricked into opening a specially crafted page, an attacker\n could exploit this to cause a denial of service via application crash, or\n potentially execute code with the privileges of the user invoking Xulrunner.\n (CVE-2012-0449)\n\n Gregory Fleischer discovered that requests using IPv6 hostname syntax\n through certain proxies might generate errors. An attacker might be able to\n use this to read sensitive data from the error messages. (CVE-2011-3670)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1353-1\";\ntag_affected = \"xulrunner-1.9.2 on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1353-1/\");\n script_id(840888);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:30:21 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2012-0442\", \"CVE-2011-3659\", \"CVE-2012-0444\", \"CVE-2012-0449\", \"CVE-2011-3670\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1353-1\");\n script_name(\"Ubuntu Update for xulrunner-1.9.2 USN-1353-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881150", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:0079 centos4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:0079 centos4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-January/018404.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881150\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:23:02 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\", \"CVE-2012-0449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0079\");\n script_name(\"CentOS Update for firefox CESA-2012:0079 centos4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A use-after-free flaw was found in the way Firefox removed nsDOMAttribute\n child nodes. In certain circumstances, due to the premature notification\n of AttributeChildRemoved, a malicious script could possibly use this flaw\n to cause Firefox to crash or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-3659)\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-0442)\n\n A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web\n page containing a malicious Ogg Vorbis media file could cause Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2012-0444)\n\n A flaw was found in the way Firefox parsed certain Scalable Vector Graphics\n (SVG) image files that contained eXtensible Style Sheet Language\n Transformations (XSLT). A web page containing a malicious SVG image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2012-0449)\n\n The same-origin policy in Firefox treated http://example.com and http://[example.com]\n as interchangeable. A malicious script could possibly\n use this flaw to gain access to sensitive information (such as a client's\n IP and user e-mail address, or httpOnly cookies) that may be included in\n HTTP proxy error replies, generated in response to invalid URLs using\n square brackets. (CVE-2011-3670)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.26. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.26, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1350-1", "modified": "2017-12-01T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:840889", "href": "http://plugins.openvas.org/nasl.php?oid=840889", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1350-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1350_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for thunderbird USN-1350-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jesse Ruderman and Bob Clary discovered memory safety issues affecting\n Thunderbird. If the user were tricked into opening a specially crafted\n page, an attacker could exploit these to cause a denial of service via\n application crash, or potentially execute code with the privileges of the\n user invoking Thunderbird. (CVE-2012-0442)\n\n It was discovered that Thunderbird did not properly handle node removal in\n the DOM. If the user were tricked into opening a specially crafted page, an\n attacker could exploit this to cause a denial of service via application\n crash, or potentially execute code with the privileges of the user invoking\n Thunderbird. (CVE-2011-3659)\n\n It was discovered that memory corruption could occur during the decoding of\n Ogg Vorbis files. If the user were tricked into opening a specially crafted\n file, an attacker could exploit this to cause a denial of service via\n application crash, or potentially execute code with the privileges of the\n user invoking Thunderbird. (CVE-2012-0444)\n\n Nicolas Gregoire and Aki Helin discovered that when processing a malformed\n embedded XSLT stylesheet, Thunderbird can crash due to memory corruption.\n If the user were tricked into opening a specially crafted page, an attacker\n could exploit this to cause a denial of service via application crash, or\n potentially execute code with the privileges of the user invoking\n Thunderbird. (CVE-2012-0449)\n\n Gregory Fleischer discovered that requests using IPv6 hostname syntax\n through certain proxies might generate errors. An attacker might be able to\n use this to read sensitive data from the error messages. (CVE-2011-3670)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1350-1\";\ntag_affected = \"thunderbird on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1350-1/\");\n script_id(840889);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:31:10 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2012-0442\", \"CVE-2011-3659\", \"CVE-2012-0444\", \"CVE-2012-0449\", \"CVE-2011-3670\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1350-1\");\n script_name(\"Ubuntu Update for thunderbird USN-1350-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.18+build2+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.18+build2+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.18+build2+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:27:28", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 23, "published": "2012-02-02T00:00:00", "title": "CentOS 6 : thunderbird (CESA-2012:0080)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "modified": "2012-02-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2012-0080.NASL", "href": "https://www.tenable.com/plugins/nessus/57778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0080 and \n# CentOS Errata and Security Advisory 2012:0080 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57778);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_bugtraq_id(51754, 51755, 51756);\n script_xref(name:\"RHSA\", value:\"2012:0080\");\n\n script_name(english:\"CentOS 6 : thunderbird (CESA-2012:0080)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018406.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?074acdc7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-3.1.18-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:20", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 18, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20120131)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120131_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61231);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20120131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=192\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f00640af\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:46:39", "description": "From Red Hat Security Advisory 2012:0080 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 20, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2012-0080)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2012-0080.NASL", "href": "https://www.tenable.com/plugins/nessus/68444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0080 and \n# Oracle Linux Security Advisory ELSA-2012-0080 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68444);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_bugtraq_id(51754, 51755, 51756, 51786);\n script_xref(name:\"RHSA\", value:\"2012:0080\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2012-0080)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2012:0080 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002584.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-3.1.18-1.0.1.el6_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:19", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 23, "published": "2012-02-01T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2012:0080)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2011-3670"], "modified": "2012-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0080.NASL", "href": "https://www.tenable.com/plugins/nessus/57761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0080. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57761);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0449\");\n script_bugtraq_id(51754, 51755, 51756);\n script_xref(name:\"RHSA\", value:\"2012:0080\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2012:0080)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA use-after-free flaw was found in the way Thunderbird removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed content. An\nHTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2012-0442)\n\nA flaw was found in the way Thunderbird parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). An HTML mail message containing a\nmalicious SVG image file could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0449)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited\nby a specially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. It could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 3.1.18. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain Thunderbird version 3.1.18, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?343a160a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3659\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0080\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.18-1.el6_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:58:46", "description": "The installed version of Thunderbird 3.1 is earlier than 3.1.18. \nSuch versions are potentially affected by multiple vulnerabilities :\n\n - A use-after-free error exists related to removed\n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of\n malformed XSLT stylesheets. (CVE-2012-0444,\n CVE-2012-0449)", "edition": 26, "published": "2012-02-01T00:00:00", "title": "Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_3_1_18.NASL", "href": "https://www.tenable.com/plugins/nessus/57776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57776);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2011-3659\",\n \"CVE-2011-3670\",\n \"CVE-2012-0442\",\n \"CVE-2012-0444\",\n \"CVE-2012-0449\"\n );\n script_bugtraq_id(\n 51753,\n 51754,\n 51755,\n 51756,\n 51786\n );\n\n script_name(english:\"Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains an email client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1 is earlier than 3.1.18. \nSuch versions are potentially affected by multiple vulnerabilities :\n\n - A use-after-free error exists related to removed\n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of\n malformed XSLT stylesheets. (CVE-2012-0444,\n CVE-2012-0449)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ietf.org/rfc/rfc3986.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n# nb: make sure we have at least 3 parts for the check.\nfor (i=max_index(ver); i<3; i++)\n ver[i] = 0;\n\nif (ver[0] == 3 && ver[1] == 1 && ver[2] < 18)\n{\n if (report_verbosity > 0)\n {\n info +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.1.18' + '\\n';\n security_hole(port:0, extra:info);\n }\n else security_hole(0);\n exit(0);\n}\nelse \n{\n if (ver[0] == 3 && ver[1] == 1) exit(0, \"The Thunderbird \"+version+\" install is not affected.\");\n else exit(0, \"Thunderbird 3.1.x is not installed.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:08:06", "description": "The installed version of Firefox 3.6.x is earlier than 3.6.26 and is,\ntherefore, potentially affected by the following security issues :\n\n - A use-after-free error exists related to removed \n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of \n malformed XSLT stylesheets. (CVE-2012-0444, \n CVE-2012-0449)", "edition": 27, "published": "2012-02-01T00:00:00", "title": "Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3626.NASL", "href": "https://www.tenable.com/plugins/nessus/57769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57769);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-3659\",\n \"CVE-2011-3670\",\n \"CVE-2012-0442\",\n \"CVE-2012-0444\",\n \"CVE-2012-0449\"\n );\n script_bugtraq_id(\n 51753,\n 51754,\n 51755,\n 51756,\n 51786\n );\n\n script_name(english:\"Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is potentially\naffected by several vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox 3.6.x is earlier than 3.6.26 and is,\ntherefore, potentially affected by the following security issues :\n\n - A use-after-free error exists related to removed \n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of \n malformed XSLT stylesheets. (CVE-2012-0444, \n CVE-2012-0449)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-059/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-110/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ietf.org/rfc/rfc3986.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.26', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:46:39", "description": "From Red Hat Security Advisory 2012:0079 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 19, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2012-0079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2012-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/68443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0079 and \n# Oracle Linux Security Advisory ELSA-2012-0079 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68443);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\", \"CVE-2012-0449\");\n script_bugtraq_id(51753, 51754, 51755, 51756, 51786);\n script_xref(name:\"RHSA\", value:\"2012:0079\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2012-0079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2012:0079 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002581.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002582.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002583.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.26-2.0.1.el4\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.26-1.0.1.el5_7\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.26-1.0.1.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.26-1.0.1.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.26-1.0.1.el6_2\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.26-1.0.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.26-1.0.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:28", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 26, "published": "2012-02-02T00:00:00", "title": "CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2012-02-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/57777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0079 and \n# CentOS Errata and Security Advisory 2012:0079 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57777);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\", \"CVE-2012-0449\");\n script_bugtraq_id(51753, 51754, 51755, 51756);\n script_xref(name:\"RHSA\", value:\"2012:0079\");\n\n script_name(english:\"CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018407.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7fa2cbb6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018404.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99054853\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018405.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?902b2dfa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.26-2.el4.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.26-2.el4.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.26-1.el5.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.26-1.el5_7\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.26-1.el5_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-3.6.26-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-1.9.2.26-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-devel-1.9.2.26-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:11:37", "description": "The installed version of Thunderbird 3.1.x is earlier than 3.1.18 and\nis, therefore, potentially affected by the following vulnerabilities:\n\n - A use-after-free error exists related to removed\n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of\n malformed XSLT stylesheets. (CVE-2012-0444,\n CVE-2012-0449)", "edition": 27, "published": "2012-02-01T00:00:00", "title": "Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_3118.NASL", "href": "https://www.tenable.com/plugins/nessus/57771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57771);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-3659\",\n \"CVE-2011-3670\",\n \"CVE-2012-0442\",\n \"CVE-2012-0444\",\n \"CVE-2012-0449\"\n );\n script_bugtraq_id(\n 51753,\n 51754,\n 51755,\n 51756,\n 51786\n );\n\n script_name(english:\"Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1.x is earlier than 3.1.18 and\nis, therefore, potentially affected by the following vulnerabilities:\n\n - A use-after-free error exists related to removed\n nsDOMAttribute child nodes.(CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being\n properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the\n decoding of Ogg Vorbis files and processing of\n malformed XSLT stylesheets. (CVE-2012-0444,\n CVE-2012-0449)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-059/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ietf.org/rfc/rfc3986.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.18', min:'3.1.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:18", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 23, "published": "2012-02-01T00:00:00", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2012:0079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "modified": "2012-02-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/57760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0079. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57760);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3659\", \"CVE-2011-3670\", \"CVE-2012-0442\", \"CVE-2012-0444\", \"CVE-2012-0449\");\n script_bugtraq_id(51753, 51754, 51755, 51756);\n script_xref(name:\"RHSA\", value:\"2012:0079\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2012:0079)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed\nnsDOMAttribute child nodes. In certain circumstances, due to the\npremature notification of AttributeChildRemoved, a malicious script\ncould possibly use this flaw to cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A\nweb page containing a malicious Ogg Vorbis media file could cause\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector\nGraphics (SVG) image files that contained eXtensible Style Sheet\nLanguage Transformations (XSLT). A web page containing a malicious SVG\nimage file could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could\npossibly use this flaw to gain access to sensitive information (such\nas a client's IP and user e-mail address, or httpOnly cookies) that\nmay be included in HTTP proxy error replies, generated in response to\ninvalid URLs using square brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.26. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.26, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0444\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0079\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.26-2.el4\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.26-1.el5_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.26-1.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.26-1.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-3.6.26-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-3.6.26-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.26-1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.26-1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.26-1.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T19:37:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Jesse Ruderman and Bob Clary discovered memory safety issues affecting \nThunderbird. If the user were tricked into opening a specially crafted \npage, an attacker could exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Thunderbird. (CVE-2012-0442)\n\nIt was discovered that Thunderbird did not properly handle node removal in \nthe DOM. If the user were tricked into opening a specially crafted page, an \nattacker could exploit this to cause a denial of service via application \ncrash, or potentially execute code with the privileges of the user invoking \nThunderbird. (CVE-2011-3659)\n\nIt was discovered that memory corruption could occur during the decoding of \nOgg Vorbis files. If the user were tricked into opening a specially crafted \nfile, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Thunderbird. (CVE-2012-0444)\n\nNicolas Gregoire and Aki Helin discovered that when processing a malformed \nembedded XSLT stylesheet, Thunderbird can crash due to memory corruption. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking \nThunderbird. (CVE-2012-0449)\n\nGregory Fleischer discovered that requests using IPv6 hostname syntax \nthrough certain proxies might generate errors. An attacker might be able to \nuse this to read sensitive data from the error messages. (CVE-2011-3670)", "edition": 5, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "USN-1350-1", "href": "https://ubuntu.com/security/notices/USN-1350-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Jesse Ruderman and Bob Clary discovered memory safety issues affecting the \nGecko Browser engine. If the user were tricked into opening a specially \ncrafted page, an attacker could exploit these to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Xulrunner. (CVE-2012-0442)\n\nIt was discovered that the Gecko Browser engine did not properly handle \nnode removal in the DOM. If the user were tricked into opening a specially \ncrafted page, an attacker could exploit this to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Xulrunner. (CVE-2011-3659)\n\nIt was discovered that memory corruption could occur during the decoding of \nOgg Vorbis files. If the user were tricked into opening a specially crafted \nfile, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Xulrunner. (CVE-2012-0444)\n\nNicolas Gregoire and Aki Helin discovered that when processing a malformed \nembedded XSLT stylesheet, Xulrunner can crash due to memory corruption. If \nthe user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Xulrunner. \n(CVE-2012-0449)\n\nGregory Fleischer discovered that requests using IPv6 hostname syntax \nthrough certain proxies might generate errors. An attacker might be able to \nuse this to read sensitive data from the error messages. (CVE-2011-3670)", "edition": 5, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "USN-1353-1", "href": "https://ubuntu.com/security/notices/USN-1353-1", "title": "Xulrunnner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Mozilla Firefox was updated to 3.6.26 fixing bugs and\n security issues.\n\n The following security issues have been fixed by this\n update:\n\n *\n\n MFSA 2012-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n *\n\n CVE-2012-0442: Jesse Ruderman and Bob Clary reported\n memory safety problems that were fixed in both Firefox 10\n and Firefox 3.6.26.\n\n *\n\n MFSA 2012-02/CVE-2011-3670: For historical reasons\n Firefox has been generous in its interpretation of web\n addresses containing square brackets around the host. If\n this host was not a valid IPv6 literal address, Firefox\n attempted to interpret the host as a regular domain name.\n Gregory Fleischer reported that requests made using IPv6\n syntax using XMLHttpRequest objects through a proxy may\n generate errors depending on proxy configuration for IPv6.\n The resulting error messages from the proxy may disclose\n sensitive data because Same-Origin Policy (SOP) will allow\n the XMLHttpRequest object to read these error messages,\n allowing user privacy to be eroded. Firefox now enforces\n RFC 3986 IPv6 literal syntax and that may break links\n written using the non-standard Firefox-only forms that were\n previously accepted.\n\n This was fixed previously for Firefox 7.0,\n Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in\n Firefox 3.6.26 and Thunderbird 3.1.18 during 2012.\n\n *\n\n MFSA 2012-04/CVE-2011-3659: Security researcher\n regenrecht reported via TippingPoint's Zero Day Initiative\n that removed child nodes of nsDOMAttribute can be accessed\n under certain circumstances because of a premature\n notification of AttributeChildRemoved. This use-after-free\n of the child nodes could possibly allow for for remote code\n execution.\n\n *\n\n MFSA 2012-07/CVE-2012-0444: Security researcher\n regenrecht reported via TippingPoint's Zero Day Initiative\n the possibility of memory corruption during the decoding of\n Ogg Vorbis files. This can cause a crash during decoding\n and has the potential for remote code execution.\n\n *\n\n MFSA 2012-08/CVE-2012-0449: Security researchers\n Nicolas Gregoire and Aki Helin independently reported that\n when processing a malformed embedded XSLT stylesheet,\n Firefox can crash due to a memory corruption. While there\n is no evidence that this is directly exploitable, there is\n a possibility of remote code execution.\n", "edition": 1, "modified": "2012-02-09T19:10:22", "published": "2012-02-09T19:10:22", "id": "SUSE-SU-2012:0221-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2011-3659", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "Mozilla XULrunner was updated to 1.9.2.26 security update,\n fixing security issues and bugs. The following security\n bugs have been fixed:\n\n *\n\n MFSA 2012-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n *\n\n CVE-2012-0442: Jesse Ruderman and Bob Clary reported\n memory safety problems that were fixed in both Firefox 10\n and Firefox 3.6.26.\n\n *\n\n MFSA 2012-02/CVE-2011-3670: For historical reasons\n Firefox has been generous in its interpretation of web\n addresses containing square brackets around the host. If\n this host was not a valid IPv6 literal address, Firefox\n attempted to interpret the host as a regular domain name.\n Gregory Fleischer reported that requests made using IPv6\n syntax using XMLHttpRequest objects through a proxy may\n generate errors depending on proxy configuration for IPv6.\n The resulting error messages from the proxy may disclose\n sensitive data because Same-Origin Policy (SOP) will allow\n the XMLHttpRequest object to read these error messages,\n allowing user privacy to be eroded. Firefox now enforces\n RFC 3986 IPv6 literal syntax and that may break links\n written using the non-standard Firefox-only forms that were\n previously accepted.\n\n This was fixed previously for Firefox 7.0,\n Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in\n Firefox 3.6.26 and Thunderbird 3.1.18 during 2012.\n\n *\n\n MFSA 2012-04/CVE-2011-3659: Security researcher\n regenrecht reported via TippingPoint's Zero Day Initiative\n that removed child nodes of nsDOMAttribute can be accessed\n under certain circumstances because of a premature\n notification of AttributeChildRemoved. This use-after-free\n of the child nodes could possibly allow for for remote code\n execution.\n\n *\n\n MFSA 2012-07/CVE-2012-0444: Security researcher\n regenrecht reported via TippingPoint's Zero Day Initiative\n the possibility of memory corruption during the decoding of\n Ogg Vorbis files. This can cause a crash during decoding\n and has the potential for remote code execution.\n\n *\n\n MFSA 2012-08/CVE-2012-0449: Security researchers\n Nicolas Gregoire and Aki Helin independently reported that\n when processing a malformed embedded XSLT stylesheet,\n Firefox can crash due to a memory corruption. While there\n is no evidence that this is directly exploitable, there is\n a possibility of remote code execution.\n", "edition": 1, "modified": "2012-02-09T19:07:25", "published": "2012-02-09T19:07:25", "id": "SUSE-SU-2012:0198-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html", "type": "suse", "title": "Security update for Mozilla XULrunner (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3659", "CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in the way Firefox removed nsDOMAttribute\nchild nodes. In certain circumstances, due to the premature notification\nof AttributeChildRemoved, a malicious script could possibly use this flaw\nto cause Firefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-3659)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0442)\n\nA flaw was found in the way Firefox parsed Ogg Vorbis media files. A web\npage containing a malicious Ogg Vorbis media file could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2012-0444)\n\nA flaw was found in the way Firefox parsed certain Scalable Vector Graphics\n(SVG) image files that contained eXtensible Style Sheet Language\nTransformations (XSLT). A web page containing a malicious SVG image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0449)\n\nThe same-origin policy in Firefox treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.26. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.26, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:24", "published": "2012-01-31T05:00:00", "id": "RHSA-2012:0079", "href": "https://access.redhat.com/errata/RHSA-2012:0079", "type": "redhat", "title": "(RHSA-2012:0079) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T00:07:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3670", "CVE-2012-0442"], "description": "SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\nchat client, and HTML editor.\n\nA flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2012-0442)\n\nThe same-origin policy in SeaMonkey treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2017-09-08T11:57:47", "published": "2012-02-01T05:00:00", "id": "RHSA-2012:0084", "href": "https://access.redhat.com/errata/RHSA-2012:0084", "type": "redhat", "title": "(RHSA-2012:0084) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T00:07:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3670", "CVE-2012-0442"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in the processing of malformed content. An HTML mail\nmessage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-0442)\n\nThe same-origin policy in Thunderbird treated http://example.com and\nhttp://[example.com] as interchangeable. A malicious script could possibly\nuse this flaw to gain access to sensitive information (such as a client's\nIP and user e-mail address, or httpOnly cookies) that may be included in\nHTTP proxy error replies, generated in response to invalid URLs using\nsquare brackets. (CVE-2011-3670)\n\nNote: The CVE-2011-3670 issue cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nIt could be exploited another way in Thunderbird, for example, when viewing\nthe full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T11:54:18", "published": "2012-02-01T05:00:00", "id": "RHSA-2012:0085", "href": "https://access.redhat.com/errata/RHSA-2012:0085", "type": "redhat", "title": "(RHSA-2012:0085) Critical: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:20:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2400-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 \n\nSeveral vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering \nservices for several other applications included in Debian.\n\nCVE-2011-3670\n\n Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, \n resulting in potential information disclosure.\n\nCVE-2012-0442\n\n Jesse Ruderman and Bob Clary discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\nCVE-2012-0444\n\n &quot;regenrecht&quot; discovered that missing input sanisiting in the Ogg Vorbis\n parser may lead to the execution of arbitrary code.\n\nCVE-2012-0449 \n\n Nicolas Gregoire and Aki Helin discovered that missing input \n sanisiting in XSLT processing may lead to the execution of arbitrary\n code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in \nversion 1.9.0.19-13 of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-12.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 10.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2012-02-02T20:09:11", "published": "2012-02-02T20:09:11", "id": "DEBIAN:DSA-2400-1:C46D2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00026.html", "title": "[SECURITY] [DSA 2400-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2402-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an \nunbranded version of Seamonkey:\n\nCVE-2011-3670\n\n Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, \n resulting in potential information disclosure.\n\nCVE-2012-0442\n\n Jesse Ruderman and Bob Clary discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\nCVE-2012-0444\n\n &quot;regenrecht&quot; discovered that missing input sanisiting in the Ogg Vorbis\n parser may lead to the execution of arbitrary code.\n\nCVE-2012-0449 \n\n Nicolas Gregoire and Aki Helin discovered that missing input \n sanisiting in XSLT processing may lead to the execution of arbitrary\n code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-10.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-10.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2012-02-02T20:12:08", "published": "2012-02-02T20:12:08", "id": "DEBIAN:DSA-2402-1:5969D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00027.html", "title": "[SECURITY] [DSA 2402-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:16:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2012-0449", "CVE-2012-0444", "CVE-2011-3670"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2406-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 09, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449\n\nSeveral vulnerabilities have been discovered in Icedove, Debian&#x27;s\nvariant of the Mozilla Thunderbird code base.\n\nCVE-2011-3670\n\tIcedove does not not properly enforce the IPv6 literal address\n\tsyntax, which allows remote attackers to obtain sensitive\n\tinformation by making XMLHttpRequest calls through a proxy and\n\treading the error messages.\n\nCVE-2012-0442\n\tMemory corruption bugs could cause Icedove to crash or\n \tpossibly execute arbitrary code.\n\nCVE-2012-0444\n\tIcedove does not properly initialize nsChildView data\n\tstructures, which allows remote attackers to cause a denial of\n\tservice (memory corruption and application crash) or possibly\n\texecute arbitrary code via a crafted Ogg Vorbis file.\n\nCVE-2012-0449\n\tIcedove allows remote attackers to cause a denial of service\n\t(memory corruption and application crash) or possibly execute\n\tarbitrary code via a malformed XSLT stylesheet that is\n\tembedded in a document\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze7.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-02-09T12:08:16", "published": "2012-02-09T12:08:16", "id": "DEBIAN:DSA-2406-1:4971C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00033.html", "title": "[SECURITY] [DSA 2406-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0450", "CVE-2011-3659", "CVE-2012-0446", "CVE-2012-0449", "CVE-2012-0447", "CVE-2012-0445", "CVE-2011-3670"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/\n\t rv:1.9.2.26)\nMFSA 2012-02 Overly permissive IPv6 literal syntax\nMFSA 2012-03 iframe element exposed across domains via name\n\t attribute\nMFSA 2012-04 Child nodes from nsDOMAttribute still accessible\n\t after removal of nodes\nMFSA 2012-05 Frame scripts calling into untrusted objects bypass\n\t security checks\nMFSA 2012-06 Uninitialized memory appended when encoding icon\n\t images may cause information disclosure\nMFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis\n\t files\nMFSA 2012-08 Crash with malformed embedded XSLT stylesheets\nMFSA 2012-09 Firefox Recovery Key.html is saved with unsafe\n\t permission\n\n", "edition": 4, "modified": "2012-03-18T00:00:00", "published": "2012-01-31T00:00:00", "id": "0A9E2B72-4CB7-11E1-9146-14DAE9EBCF89", "href": "https://vuxml.freebsd.org/freebsd/0a9e2b72-4cb7-11e1-9146-14dae9ebcf89.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0450", "CVE-2011-3659", "CVE-2012-0446", "CVE-2012-0449", "CVE-2012-0444", "CVE-2012-0447", "CVE-2012-0445", "CVE-2011-3670"], "description": "Multiple memory corruptions, crossite access, crossite scripting, information leakage, weak permissions.", "edition": 1, "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12165", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}