Mozilla Foundation Security Advisory 2008-17

2008-03-26T00:00:00

Description

Mozilla Foundation Security Advisory 2008-17 Title: Privacy issue with SSL Client Authentication Impact: Low Announced: March 25, 2008 Reporter: Peter Brodersen and Alexander Klink Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who already have certificates some real-world identity information such as an email address or name may be available to web sites depending on the purpose of the certificate and its issuer. The default preference has been changed to prompt the user each time a website requests a client certificate. Workaround Change the Certificate preference in the Options menu (Windows: Tools|Options, Mac: Firefox|Preferences, Linux: Edit|Preferences). Select the Advanced tab and Encryption sub-tab. Under the Certificates section select the option for "Ask me every time". References * https://bugzilla.mozilla.org/show_bug.cgi?id=295922 * CVE-2007-4879

{"id": "SECURITYVULNS:DOC:19519", "bulletinFamily": "software", "title": "Mozilla Foundation Security Advisory 2008-17", "description": "Mozilla Foundation Security Advisory 2008-17\r\n\r\nTitle: Privacy issue with SSL Client Authentication\r\nImpact: Low\r\nAnnounced: March 25, 2008\r\nReporter: Peter Brodersen and Alexander Klink\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.13\r\n SeaMonkey 1.1.9\r\nDescription\r\n\r\nPeter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who already have certificates some real-world identity information such as an email address or name may be available to web sites depending on the purpose of the certificate and its issuer.\r\n\r\nThe default preference has been changed to prompt the user each time a website requests a client certificate.\r\nWorkaround\r\n\r\nChange the Certificate preference in the Options menu (Windows: Tools|Options, Mac: Firefox|Preferences, Linux: Edit|Preferences). Select the Advanced tab and Encryption sub-tab. Under the Certificates section select the option for "Ask me every time".\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=295922\r\n * CVE-2007-4879\r\n", "published": "2008-03-26T00:00:00", "modified": "2008-03-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19519", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2007-4879"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 17, "enchantments": {"score": {"value": 5.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4879", "CVE-2008-1580"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1532-1:C8439", "DEBIAN:DSA-1534-1:C0870", "DEBIAN:DSA-1534-2:56C6B", "DEBIAN:DSA-1535-1:5D1F2"]}, {"type": "freebsd", "idList": ["12B336C6-FE36-11DC-B09C-001C2514716C"]}, {"type": "gentoo", "idList": ["GLSA-200805-18"]}, {"type": "mozilla", "idList": ["MFSA2008-17"]}, {"type": "nessus", "idList": ["4446.PRM", "4447.PRM", "4448.PRM", "CENTOS_RHSA-2008-0207.NASL", "DEBIAN_DSA-1532.NASL", "DEBIAN_DSA-1534.NASL", "DEBIAN_DSA-1535.NASL", "FREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL", "GENTOO_GLSA-200805-18.NASL", "MANDRIVA_MDVSA-2008-080.NASL", "MOZILLA_FIREFOX_20013.NASL", "ORACLELINUX_ELSA-2008-0207.NASL", "REDHAT-RHSA-2008-0207.NASL", "SEAMONKEY_119.NASL", "SUSE_MOZILLA-XULRUNNER-5163.NASL", "SUSE_MOZILLA-XULRUNNER-5164.NASL", "SUSE_MOZILLA-XULRUNNER181-5158.NASL", "SUSE_MOZILLAFIREFOX-5134.NASL", "SUSE_MOZILLAFIREFOX-5135.NASL", "SUSE_SEAMONKEY-5153.NASL", "SUSE_SEAMONKEY-5167.NASL", "UBUNTU_USN-592-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065153", "OPENVAS:136141256231065980", "OPENVAS:1361412562310830456", "OPENVAS:136141256231090013", "OPENVAS:136141256231090014", "OPENVAS:60653", "OPENVAS:60655", "OPENVAS:60657", "OPENVAS:60680", "OPENVAS:60862", "OPENVAS:61052", "OPENVAS:65153", "OPENVAS:65980", "OPENVAS:830456", "OPENVAS:840285", "OPENVAS:850011", "OPENVAS:90013", "OPENVAS:90014"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8838"]}, {"type": "seebug", "idList": ["SSV:3105"]}, {"type": "suse", "idList": ["SUSE-SA:2008:019"]}, {"type": "ubuntu", "idList": ["USN-592-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-4879"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-4879"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1535-1:5D1F2"]}, {"type": "freebsd", "idList": ["12B336C6-FE36-11DC-B09C-001C2514716C"]}, {"type": "nessus", "idList": ["SUSE_MOZILLAFIREFOX-5135.NASL", "SUSE_SEAMONKEY-5167.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065980", "OPENVAS:1361412562310830456"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8838"]}, {"type": "ubuntu", "idList": ["USN-592-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-4879"]}]}, "exploitation": null, "vulnersScore": 5.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"ubuntucve": [{"lastseen": "2021-11-22T22:01:59", "description": "Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can\nautomatically install TLS client certificates with minimal user\ninteraction, and automatically sends these certificates when requested,\nwhich makes it easier for remote web sites to track user activities across\ndomains by requesting the TLS client certificates from other domains.", "cvss3": {}, "published": "2007-09-13T00:00:00", "type": "ubuntucve", "title": "CVE-2007-4879", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879"], "modified": "2007-09-13T00:00:00", "id": "UB:CVE-2007-4879", "href": "https://ubuntu.com/security/CVE-2007-4879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "mozilla": [{"lastseen": "2021-12-29T14:15:11", "description": "Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who already have certificates some real-world identity information such as an email address or name may be available to web sites depending on the purpose of the certificate and its issuer.\n", "cvss3": {}, "published": "2008-03-25T00:00:00", "type": "mozilla", "title": "Privacy issue with SSL Client Authentication \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879"], "modified": "2008-03-25T00:00:00", "id": "MFSA2008-17", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:06:14", "description": "Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.", "cvss3": {}, "published": "2007-09-13T18:17:00", "type": "cve", "title": "CVE-2007-4879", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:seamonkey:1.1.4"], "id": "CVE-2007-4879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:58:37", "description": "CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.", "cvss3": {}, "published": "2008-06-02T21:30:00", "type": "cve", "title": "CVE-2008-1580", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879", "CVE-2008-1580"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:apple:safari:*"], "id": "CVE-2008-1580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1580", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T13:10:53", "description": "The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via LiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution", "cvss3": {"score": null, "vector": null}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:flock", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-firefox-devel", "p-cpe:/a:freebsd:freebsd:linux-flock", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL", "href": "https://www.tenable.com/plugins/nessus/31714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31714);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Foundation reports of multiple security issues in Firefox,\nSeaMonkey, and Thunderbird. Several of these issues can probably be\nused to run arbitrary code with the privilege of the user running the\nprogram.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via\nLiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption\n(rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code\nexecution\"\n );\n # https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe5374e1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<2.0.0.13,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox-devel<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey-devel>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<2.0.0.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<2.0.0.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:44", "description": "The installed version of Thunderbird is missing a critical patch. The vendor has released a patch that addresses a number of remote vulnerabilities. ", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 2.0.0.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241", "CVE-2007-4879", "CVE-2008-1240"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"], "id": "4446.PRM", "href": "https://www.tenable.com/plugins/nnm/4446", "sourceData": "Binary data 4446.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:05", "description": "From Red Hat Security Advisory 2008:0207 :\n\nUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:firefox-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/67675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0207 and \n# Oracle Linux Security Advisory ELSA-2008-0207 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67675);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0207 :\n\nUpdated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000551.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000552.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"firefox-1.5.0.12-0.14.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"firefox-1.5.0.12-0.14.el4.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-1.5.0.12-14.el5_1.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-devel-1.5.0.12-14.el5_1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:54", "description": "This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_MOZILLAFIREFOX-5135.NASL", "href": "https://www.tenable.com/plugins/nessus/31715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5135.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31715);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)\");\n script_summary(english:\"Check for the MozillaFirefox-5135 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-2.0.0.13-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-translations-2.0.0.13-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaFirefox-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaFirefox-translations-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"MozillaFirefox-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"MozillaFirefox-translations-2.0.0.13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:55", "description": "This update fixes security issues also fixes in the Mozilla Firefox 2.0.0.13 update round.\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)", "cvss3": {"score": null, "vector": null}, "published": "2008-04-18T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER-5164.NASL", "href": "https://www.tenable.com/plugins/nessus/31991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31991);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes security issues also fixes in the Mozilla Firefox\n2.0.0.13 update round.\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA\n 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via\n LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /\n CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA\n 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA\n 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption\n (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /\n CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code\n execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234\n / CVE-2008-1235)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1241.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5164.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-devel-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-doc-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"gecko-sdk-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:55", "description": "The installed version of SeaMonkey is affected by various security issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a border-less XUL pop-up in front of the active tab in the user's browser.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "SeaMonkey < 1.1.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_119.NASL", "href": "https://www.tenable.com/plugins/nessus/31653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31653);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\",\n \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\",\n \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n\n script_name(english:\"SeaMonkey < 1.1.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser on the remote host is affected by multiple\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is affected by various security\nissues :\n\n - A series of vulnerabilities that allow for JavaScript \n privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use \n Java via LiveConnect to open socket connections to \n arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a \n border-less XUL pop-up in front of the active tab \n in the user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SeaMonkey 1.1.9 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/09/08\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.9', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:52", "description": "Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : firefox (CESA-2008:0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:firefox-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/31684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0207 and \n# CentOS Errata and Security Advisory 2008:0207 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31684);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2008:0207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87724df8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014779.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91e68892\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014782.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bd21e71\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014783.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6c5c810\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014790.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d90b5be6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"firefox-1.5.0.12-0.14.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-1.5.0.12-14.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-devel-1.5.0.12-14.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:53", "description": "This update brings the Mozilla XULRunner engine to security update version level 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:gecko-sdk", "p-cpe:/a:novell:opensuse:mozilla-xulrunner", "p-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_MOZILLA-XULRUNNER-5163.NASL", "href": "https://www.tenable.com/plugins/nessus/32025", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner-5163.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32025);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)\");\n script_summary(english:\"Check for the mozilla-xulrunner-5163 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to security update\nversion level 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gecko-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"epiphany-1.8.5-14.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"epiphany-devel-1.8.5-14.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gecko-sdk-1.8.0.14eol-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"epiphany / epiphany-devel / gecko-sdk / mozilla-xulrunner / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:41", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13.\n\nThis update provides the latest Firefox to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:deskbar-applet", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:eclipse-cvs-client", "p-cpe:/a:mandriva:linux:eclipse-ecj", "p-cpe:/a:mandriva:linux:eclipse-jdt", "p-cpe:/a:mandriva:linux:eclipse-jdt-sdk", "p-cpe:/a:mandriva:linux:eclipse-pde", "p-cpe:/a:mandriva:linux:eclipse-pde-runtime", "p-cpe:/a:mandriva:linux:eclipse-pde-sdk", "p-cpe:/a:mandriva:linux:eclipse-platform", "p-cpe:/a:mandriva:linux:eclipse-platform-sdk", "p-cpe:/a:mandriva:linux:eclipse-rcp", "p-cpe:/a:mandriva:linux:eclipse-rcp-sdk", "p-cpe:/a:mandriva:linux:eclipse-sdk", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:epiphany-extensions", "p-cpe:/a:mandriva:linux:galeon", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:gnome-python-gksu", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.13", "p-cpe:/a:mandriva:linux:lib64totem-plparser-devel", "p-cpe:/a:mandriva:linux:lib64totem-plparser1", "p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel", "p-cpe:/a:mandriva:linux:lib64totem-plparser7", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel", "p-cpe:/a:mandriva:linux:libmozilla-firefox-devel", "p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.13", "p-cpe:/a:mandriva:linux:libswt3-gtk2", "p-cpe:/a:mandriva:linux:libtotem-plparser-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser1", "p-cpe:/a:mandriva:linux:libtotem-plparser1-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser7", "p-cpe:/a:mandriva:linux:mozilla-firefox", "p-cpe:/a:mandriva:linux:mozilla-firefox-af", "p-cpe:/a:mandriva:linux:mozilla-firefox-ar", "p-cpe:/a:mandriva:linux:mozilla-firefox-be", "p-cpe:/a:mandriva:linux:mozilla-firefox-bg", "p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR", "p-cpe:/a:mandriva:linux:mozilla-firefox-ca", "p-cpe:/a:mandriva:linux:mozilla-firefox-cs", "p-cpe:/a:mandriva:linux:mozilla-firefox-da", "p-cpe:/a:mandriva:linux:mozilla-firefox-de", "p-cpe:/a:mandriva:linux:mozilla-firefox-el", "p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES", "p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE", "p-cpe:/a:mandriva:linux:mozilla-firefox-eu", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:mozilla-firefox-fi", "p-cpe:/a:mandriva:linux:mozilla-firefox-fr", "p-cpe:/a:mandriva:linux:mozilla-firefox-fy", "p-cpe:/a:mandriva:linux:mozilla-firefox-ga", "p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support", "p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN", "p-cpe:/a:mandriva:linux:mozilla-firefox-he", "p-cpe:/a:mandriva:linux:mozilla-firefox-hu", "p-cpe:/a:mandriva:linux:mozilla-firefox-it", "p-cpe:/a:mandriva:linux:mozilla-firefox-ja", "p-cpe:/a:mandriva:linux:mozilla-firefox-ka", "p-cpe:/a:mandriva:linux:mozilla-firefox-ko", "p-cpe:/a:mandriva:linux:mozilla-firefox-ku", "p-cpe:/a:mandriva:linux:mozilla-firefox-lt", "p-cpe:/a:mandriva:linux:mozilla-firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-firefox-mn", "p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-firefox-nl", "p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN", "p-cpe:/a:mandriva:linux:mozilla-firefox-pl", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT", "p-cpe:/a:mandriva:linux:mozilla-firefox-ro", "p-cpe:/a:mandriva:linux:mozilla-firefox-ru", "p-cpe:/a:mandriva:linux:mozilla-firefox-sk", "p-cpe:/a:mandriva:linux:mozilla-firefox-sl", "p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-firefox-tr", "p-cpe:/a:mandriva:linux:mozilla-firefox-uk", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW", "p-cpe:/a:mandriva:linux:totem", "p-cpe:/a:mandriva:linux:totem-common", "p-cpe:/a:mandriva:linux:totem-gstreamer", "p-cpe:/a:mandriva:linux:totem-mozilla", "p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer", "p-cpe:/a:mandriva:linux:yelp", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2008-080.NASL", "href": "https://www.tenable.com/plugins/nessus/36441", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:080. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36441);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_xref(name:\"MDVSA\", value:\"2008:080\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Firefox program, version 2.0.0.13.\n\nThis update provides the latest Firefox to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:deskbar-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-cvs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gksu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswt3-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"deskbar-applet-2.18.0-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-plugins-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-ecj-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-runtime-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-2.18.0-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-devel-2.18.0-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-extensions-2.18.0-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"galeon-2.0.3-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-extras-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-devel-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gdl-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gksu-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkhtml2-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkmozembed-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkspell-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-devel-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-devel-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-devel-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"libswt3-gtk2-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-devel-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-af-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ar-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-be-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-bg-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-br_FR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ca-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-cs-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-da-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-de-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-el-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-en_GB-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_AR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_ES-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-et_EE-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-eu-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fi-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fr-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fy-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ga-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-gu_IN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-he-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-hu-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-it-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ja-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ka-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ko-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ku-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-lt-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mn-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nb_NO-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nn_NO-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pa_IN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_BR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_PT-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ro-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ru-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sv_SE-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-tr-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-uk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_CN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_TW-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-common-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-gstreamer-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-gstreamer-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"yelp-2.18.0-3.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-plugins-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-cvs-client-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-ecj-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-jdt-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-runtime-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-platform-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-rcp-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-2.20.0-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-devel-2.20.0-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"galeon-2.0.3-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-extras-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-devel-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gdl-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gksu-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkhtml2-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkmozembed-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkspell-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser-devel-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser7-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libswt3-gtk2-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser-devel-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser7-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-af-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ar-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-be-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-bg-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-br_FR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ca-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-cs-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-da-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-de-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-el-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-en_GB-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_AR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_ES-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-et_EE-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-eu-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.771-3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-foxmarks-2.0.43-3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-scribefire-1.4.2-6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fi-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fr-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fy-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ga-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gnome-support-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gu_IN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-he-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-hu-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-it-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ja-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ka-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ko-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ku-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-lt-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mn-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nb_NO-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nn_NO-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pa_IN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_BR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_PT-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ro-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ru-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sv_SE-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-tr-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-uk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_CN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_TW-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-common-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-gstreamer-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-gstreamer-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"yelp-2.20.0-3.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:45", "description": "The installed version of Firefox is affected by various security issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Firefox < 2.0.0.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_20013.NASL", "href": "https://www.tenable.com/plugins/nessus/31652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31652);\n script_version(\"1.16\");\n\n script_cve_id(\n \"CVE-2007-4879\", \n \"CVE-2008-1195\", \n \"CVE-2008-1233\", \n \"CVE-2008-1234\", \n \"CVE-2008-1235\",\n \"CVE-2008-1236\", \n \"CVE-2008-1237\", \n \"CVE-2008-1238\", \n \"CVE-2008-1240\", \n \"CVE-2008-1241\"\n );\n script_bugtraq_id(28448);\n\n script_name(english:\"Firefox < 2.0.0.13 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is affected by various security\nissues :\n\n - A series of vulnerabilities that allow for JavaScript \n privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use \n Java via LiveConnect to open socket connections to \n arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a \n borderless XUL pop-up in front of the active tab \n in the user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 2.0.0.13 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/03/25\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.13', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:44", "description": "The installed version of Firefox is affected by various security issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.\n - An HTTP Referer spoofing issue with malformed URLs.\n - A privacy issue with SSL client authentication.\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 2.0.0.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241", "CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1240"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "4447.PRM", "href": "https://www.tenable.com/plugins/nnm/4447", "sourceData": "Binary data 4447.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:10:47", "description": "This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)", "cvss3": {"score": null, "vector": null}, "published": "2008-04-01T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-5134.NASL", "href": "https://www.tenable.com/plugins/nessus/31722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31722);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA\n 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via\n LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /\n CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA\n 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA\n 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption\n (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /\n CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code\n execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234\n / CVE-2008-1235)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1241.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5134.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"MozillaFirefox-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"MozillaFirefox-translations-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"MozillaFirefox-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"MozillaFirefox-translations-2.0.0.13-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:53", "description": "This update brings the Mozilla XULRunner engine to security update version 1.8.1.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:epiphany-extensions", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_MOZILLA-XULRUNNER181-5158.NASL", "href": "https://www.tenable.com/plugins/nessus/32026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner181-5158.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32026);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)\");\n script_summary(english:\"Check for the mozilla-xulrunner181-5158 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to security update\nversion 1.8.1.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner181 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-devel-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-extensions-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-devel-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-l10n-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-devel-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-extensions-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-devel-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-l10n-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"epiphany / epiphany-devel / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:53", "description": "This update brings Mozilla SeaMonkey to security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-11T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5153)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_SEAMONKEY-5153.NASL", "href": "https://www.tenable.com/plugins/nessus/31845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5153.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31845);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5153)\");\n script_summary(english:\"Check for the seamonkey-5153 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-dom-inspector-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-irc-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-mail-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-spellchecker-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-venkman-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-dom-inspector-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-irc-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-mail-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-spellchecker-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-venkman-1.1.9-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:47", "description": "This update brings Mozilla SeaMonkey to the level of seamonkey security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-calendar", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_SEAMONKEY-5167.NASL", "href": "https://www.tenable.com/plugins/nessus/32027", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5167.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32027);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5167)\");\n script_summary(english:\"Check for the seamonkey-5167 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to the level of seamonkey\nsecurity update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-calendar-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-dom-inspector-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-irc-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-mail-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-spellchecker-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-venkman-1.0.9-1.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:48", "description": "Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : firefox (RHSA-2008:0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/31694", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0207. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31694);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2008:0207)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.14.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-1.5.0.12-14.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-devel-1.5.0.12-14.el5_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:44", "description": "The installed version of SeaMonkey is affected by various security issues :\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.\n - An HTTP Referer spoofing issue with malformed URLs.\n - A privacy issue with SSL client authentication.\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "SeaMonkey < 1.1.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0416", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241", "CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1240"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*"], "id": "4448.PRM", "href": "https://www.tenable.com/plugins/nnm/4448", "sourceData": "Binary data 4448.prm", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T13:10:48", "description": "Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to crashes and memory corruption. If a user were tricked into opening a malicious web page, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP Referrer headers when they were sent with with requests to URLs containing Basic Authentication credentials with empty usernames. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting in Firefox for SSL Client Authentication allowed for users to be tracked via their client certificate. The default has been changed to prompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar protocol could use Java LiveConnect to connect to arbitrary ports on the user's machine due to improper parsing in the Java plugin. If a user were tricked into opening malicious web content, an attacker may be able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an unselected tab to display in front of the selected tab. An attacker could exploit this behavior to spoof a login prompt and steal the user's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0416", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:libnspr-dev", "p-cpe:/a:canonical:ubuntu_linux:libnspr4", "p-cpe:/a:canonical:ubuntu_linux:libnss-dev", "p-cpe:/a:canonical:ubuntu_linux:libnss3", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-592-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-592-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31700);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"USN\", value:\"592-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered\nflaws in Firefox's character encoding handling. If a user were tricked\ninto opening a malicious web page, an attacker could perform\ncross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a\nuser into opening a malicious web page, an attacker could escalate\nprivileges within the browser, perform cross-site scripting attacks\nand/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to\ncrashes and memory corruption. If a user were tricked into opening a\nmalicious web page, an attacker may be able to execute arbitrary code\nwith the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP\nReferrer headers when they were sent with with requests to URLs\ncontaining Basic Authentication credentials with empty usernames. An\nattacker could exploit this vulnerability to perform cross-site\nrequest forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting\nin Firefox for SSL Client Authentication allowed for users to be\ntracked via their client certificate. The default has been changed to\nprompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar\nprotocol could use Java LiveConnect to connect to arbitrary ports on\nthe user's machine due to improper parsing in the Java plugin. If a\nuser were tricked into opening malicious web content, an attacker may\nbe able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an\nunselected tab to display in front of the selected tab. An attacker\ncould exploit this behavior to spoof a login prompt and steal the\nuser's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/592-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:51:52", "description": "# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "Debian DSA-1532-1 : xulrunner - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xulrunner", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/31709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1532. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31709);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1532\");\n\n script_name(english:\"Debian DSA-1532-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1534.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1532\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-tools\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs1\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-common\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python-xpcom\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"spidermonkey-bin\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner-gnome-support\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:51:07", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "Debian DSA-1534-1 : iceape - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceape", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1534.NASL", "href": "https://www.tenable.com/plugins/nessus/31711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1534. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31711);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_xref(name:\"DSA\", value:\"1534\");\n\n script_name(english:\"Debian DSA-1534-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape\ninternet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"iceape\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-browser\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-calendar\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-chatzilla\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dbg\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dev\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dom-inspector\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-gnome-support\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-mailnews\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-browser\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-calendar\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-chatzilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dev\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dom-inspector\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-js-debugger\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-mailnews\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-psm\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:52:38", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-11T00:00:00", "type": "nessus", "title": "Debian DSA-1535-1 : iceweasel - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1535.NASL", "href": "https://www.tenable.com/plugins/nessus/31806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1535. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31806);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1535\");\n\n script_name(english:\"Debian DSA-1535-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1534.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1535\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.13-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"firefox\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dbg\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:39", "description": "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n Impact :\n\n A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2008-05-22T00:00:00", "type": "nessus", "title": "GLSA-200805-18 : Mozilla products: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:xulrunner", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200805-18.NASL", "href": "https://www.tenable.com/plugins/nessus/32416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-18.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32416);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_xref(name:\"GLSA\", value:\"200805-18\");\n\n script_name(english:\"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-18\n(Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla\n products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul\n Nickerson reported browser crashes related to JavaScript methods,\n possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor, and tgirmann reported crashes in the JavaScript engine,\n possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by\n the browser when a user leaves a page, possibly triggering memory\n corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of\n privilege escalation vulnerabilities related to JavaScript\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and\n JavaScript engines, possibly triggering memory corruption\n (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from\n its sandboxed context and run with chrome privileges, and inject script\n content into another site, violating the browser's same origin policy\n (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when\n using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported\n multiple character handling flaws related to the backspace character,\n the '0x80' character, involving zero-length non-ASCII sequences in\n multiple character sets, that could facilitate Cross-Site Scripting\n attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when\n rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and\n XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13\n and SeaMonkey 1.1.9 introduced a new crash vulnerability\n (CVE-2008-1380).\n hong and Gregory Fleischer each reported a\n variant on earlier reported bugs regarding focus shifting in file input\n controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used\n to reveal uninitialized memory, and that this data could be extracted\n using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless\n XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a\n 'Content-Disposition: attachment' prevents Firefox from rendering\n future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM\n nodes is modified to the final URI of a 302 redirect, bypassing the\n same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading\n characters from the hostname part of the 'Referer:' HTTP header are\n removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser\n automatically selected and sent a client certificate when SSL Client\n Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:'\n protocol was not subject to network access restrictions\n (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing\n passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a\n delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog is not displayed if the entire contents of a web page\n are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email that will trigger one of the vulnerabilities, possibly\n leading to the execution of arbitrary code or a Denial of Service. It\n is also possible for an attacker to trick a user to upload arbitrary\n files when submitting a form, to corrupt saved passwords for other\n sites, to steal login credentials, or to conduct Cross-Site Scripting\n and Cross-Site Request Forgery attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'\n All Mozilla Thunderbird binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'\n All SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'\n All SeaMonkey binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'\n All XULRunner users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'\n NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in\n the SeaMonkey binary ebuild, as no precompiled packages have been\n released. Until an update is available, we recommend all SeaMonkey\n users to disable JavaScript, use Firefox for JavaScript-enabled\n browsing, or switch to the SeaMonkey source ebuild.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 1.1.9\"), vulnerable:make_list(\"lt 1.1.9\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 1.1.9-r1\"), vulnerable:make_list(\"lt 1.1.9-r1\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(\"ge 1.8.1.14\"), vulnerable:make_list(\"lt 1.8.1.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla products\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nThe Mozilla Foundation reports of multiple security issues\n\t in Firefox, Seamonkey, and Thunderbird. Several of these\n\t issues can probably be used to run arbitrary code with the\n\t privilege of the user running the program.\n\n\nMFSA 2008-19\n\t XUL popup spoofing variant (cross-tab popups)\nMFSA 2008-18\n\t Java socket connection to any local port via LiveConnect\nMFSA 2008-17\n\t Privacy issue with SSL Client Authentication\nMFSA 2008-16\n\t HTTP Referrer spoofing with malformed URLs\nMFSA 2008-15\n\t Crashes with evidence of memory corruption (rv:1.8.1.13)\nMFSA 2008-14\n\t JavaScript privilege escalation and arbitrary code execution\n\n\n\n", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2009-12-12T00:00:00", "id": "12B336C6-FE36-11DC-B09C-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:60680", "href": "http://plugins.openvas.org/nasl.php?oid=60680", "sourceData": "#\n#VID 12b336c6-fe36-11dc-b09c-001c2514716c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n seamonkey\n linux-seamonkey\n linux-seamonkey-devel\n thunderbird\n linux-thunderbird\n\nFor details on the the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(60680);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_bugtraq_id(28448);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.13,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.13\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.9\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.9\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-seamonkey-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:48", "description": "Check for the Version of MozillaFirefox", "cvss3": {}, "published": "2009-01-23T00:00:00", "type": "openvas", "title": "SuSE Update for MozillaFirefox SUSE-SA:2008:019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850011", "href": "http://plugins.openvas.org/nasl.php?oid=850011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_019.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for MozillaFirefox SUSE-SA:2008:019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The web browser Mozilla Firefox was brought to security update version 2.0.0.13.\n\n Following security problems were fixed:\n\n - CVE-2008-1241: XUL pop-up spoofing variant (cross-tab\n popups)\n\n - CVE-2008-1240: Java socket connection\n to any local port via LiveConnect\n\n - CVE-2007-4879: Privacy issue with SSL Client\n Authentication\n\n - CVE-2008-1238: HTTP Referrer spoofing with malformed\n URLs\n\n - CVE-2008-1237: Crashes with evidence\n of memory corruption (rv:1.8.1.13)\n\n - CVE-2008-1235:\n JavaScript privilege escalation and arbitrary code execution.\n\n On Novell Linux Desktop 9 the fixes were back ported to the Firefox 1.5.0.14\n version.\n\n seamonkey, mozilla-xulrunner and likely Thunderbird updates will\n follow in the next days.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"MozillaFirefox on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850011);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-019\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"SuSE Update for MozillaFirefox SUSE-SA:2008:019\");\n\n script_summary(\"Check for the Version of MozillaFirefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.13~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.13~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~1.5.0.12~0.11\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~1.5.0.12~0.11\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.13~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.13~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.13~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.13~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.13~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.13~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:28", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for epiphany", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065980", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065980", "sourceData": "#\n#VID slesp1-mozilla-xulrunner-5164\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for epiphany\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65980\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner\", rpm:\"mozilla-xulrunner~1.8.0.14eol~0.5\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:23", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-mail\n mozilla-devel\n mozilla-irc\n mozilla-deat\n mozilla\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-calendar\n mozilla-cs\n mozilla-hu\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5022953 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065153", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065153", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5022953.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-mail\n mozilla-devel\n mozilla-irc\n mozilla-deat\n mozilla\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-calendar\n mozilla-cs\n mozilla-hu\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5022953 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65153\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for epiphany", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65980", "href": "http://plugins.openvas.org/nasl.php?oid=65980", "sourceData": "#\n#VID slesp1-mozilla-xulrunner-5164\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for epiphany\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65980);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner\", rpm:\"mozilla-xulrunner~1.8.0.14eol~0.5\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:23", "description": "The remote host is affected by the vulnerabilities described in the\n referenced advisories.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2020-04-14T00:00:00", "id": "OPENVAS:136141256231090013", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090013", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90013\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\",\n \"CVE-2008-1238\", \"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-2.0/#firefox2.0.0.13\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey-1.1/#seamonkey1.1.9\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-2.0/#thunderbird2.0.0.14\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\");\n\n script_tag(name:\"solution\", value:\"All users should upgrade to the latest versions of Firefox, Thunderbird or\n Seamonkey.\");\n\n script_tag(name:\"summary\", value:\"The remote host is affected by the vulnerabilities described in the\n referenced advisories.\");\n\n script_tag(name:\"impact\", value:\"Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported\n a series of vulnerabilities which allow scripts from page content to run with\n elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA\n 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper\n pollution). Additional vulnerabilities reported separately by Boris Zbarsky,\n Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to\n run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"2.0.0.13\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"2.0.0.13\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n if(version_is_less(version:smVer, test_version:\"1.1.9\"))\n {\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"1.1.9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"2.0.0.14\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"2.0.0.14\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:44", "description": "Check for the Version of mozilla-firefox", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830456", "href": "http://plugins.openvas.org/nasl.php?oid=830456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered and corrected\n in the latest Mozilla Firefox program, version 2.0.0.13.\n\n This update provides the latest Firefox to correct these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00034.php\");\n script_id(830456);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:080\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)\");\n\n script_summary(\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"deskbar-applet\", rpm:\"deskbar-applet~2.18.0~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt-sdk\", rpm:\"eclipse-jdt-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-sdk\", rpm:\"eclipse-pde-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform-sdk\", rpm:\"eclipse-platform-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp-sdk\", rpm:\"eclipse-rcp-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-sdk\", rpm:\"eclipse-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.0~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.18.0~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.0~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0-devel\", rpm:\"libdevhelp-1_0-devel~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.13\", rpm:\"libmozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1\", rpm:\"libtotem-plparser1~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1-devel\", rpm:\"libtotem-plparser1-devel~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.0~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0-devel\", rpm:\"lib64devhelp-1_0-devel~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.13\", rpm:\"lib64mozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1\", rpm:\"lib64totem-plparser1~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1-devel\", rpm:\"lib64totem-plparser1-devel~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.13\", rpm:\"libmozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.771~3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.43~3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~1.4.2~6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.13\", rpm:\"lib64mozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-mail\n mozilla-devel\n mozilla-irc\n mozilla-deat\n mozilla\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-calendar\n mozilla-cs\n mozilla-hu\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5022953 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65153", "href": "http://plugins.openvas.org/nasl.php?oid=65153", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5022953.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-mail\n mozilla-devel\n mozilla-irc\n mozilla-deat\n mozilla\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-calendar\n mozilla-cs\n mozilla-hu\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5022953 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65153);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-mail\", rpm:\"mozilla-mail~1.8_seamonkey_1.0.9~1.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:24", "description": "Check for the Version of mozilla-firefox", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered and corrected\n in the latest Mozilla Firefox program, version 2.0.0.13.\n\n This update provides the latest Firefox to correct these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00034.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830456\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:080\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"deskbar-applet\", rpm:\"deskbar-applet~2.18.0~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt-sdk\", rpm:\"eclipse-jdt-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-sdk\", rpm:\"eclipse-pde-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform-sdk\", rpm:\"eclipse-platform-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp-sdk\", rpm:\"eclipse-rcp-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-sdk\", rpm:\"eclipse-sdk~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.0~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.18.0~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.0~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~5.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.14.3~4.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0-devel\", rpm:\"libdevhelp-1_0-devel~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.13\", rpm:\"libmozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1\", rpm:\"libtotem-plparser1~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1-devel\", rpm:\"libtotem-plparser1-devel~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.0~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.2.2~3.4.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.13~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0-devel\", rpm:\"lib64devhelp-1_0-devel~0.13~3.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.13\", rpm:\"lib64mozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1\", rpm:\"lib64totem-plparser1~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1-devel\", rpm:\"lib64totem-plparser1-devel~2.18.2~1.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.13\", rpm:\"libmozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.771~3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.43~3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~1.4.2~6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.13~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.13\", rpm:\"lib64mozilla-firefox2.0.0.13~2.0.0.13~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:14", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1532-1.", "cvss3": {}, "published": "2008-04-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1532-1 (xulrunner)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2007-3738", "CVE-2008-1240", "CVE-2007-5338", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60653", "href": "http://plugins.openvas.org/nasl.php?oid=60653", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1532_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1532-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. For details, please visit\nthe referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are\nno longer supported.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1.13-1.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1532-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201532-1\";\n\n\nif(description)\n{\n script_id(60653);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-07 20:38:54 +0200 (Mon, 07 Apr 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2007-3738\", \"CVE-2007-5338\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1532-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-592-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox vulnerabilities USN-592-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840285", "href": "http://plugins.openvas.org/nasl.php?oid=840285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_592_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerabilities USN-592-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws\n in Firefox's character encoding handling. If a user were tricked into\n opening a malicious web page, an attacker could perform cross-site\n scripting attacks. (CVE-2008-0416)\n\n Various flaws were discovered in the JavaScript engine. By tricking\n a user into opening a malicious web page, an attacker could escalate\n privileges within the browser, perform cross-site scripting attacks\n and/or execute arbitrary code with the user's privileges.\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n \n Several problems were discovered in Firefox which could lead to crashes\n and memory corruption. If a user were tricked into opening a malicious\n web page, an attacker may be able to execute arbitrary code with the\n user's privileges. (CVE-2008-1236, CVE-2008-1237)\n \n Gregory Fleischer discovered Firefox did not properly process HTTP\n Referrer headers when they were sent with with requests to URLs\n containing Basic Authentication credentials with empty usernames. An\n attacker could exploit this vulnerability to perform cross-site request\n forgery attacks. (CVE-2008-1238)\n \n Peter Brodersen and Alexander Klink reported that default the setting in\n Firefox for SSL Client Authentication allowed for users to be tracked\n via their client certificate. The default has been changed to prompt\n the user each time a website requests a client certificate.\n (CVE-2007-4879)\n \n Gregory Fleischer discovered that web content fetched via the jar\n protocol could use Java LiveConnect to connect to arbitrary ports on\n the user's machine due to improper parsing in the Java plugin. If a\n user were tricked into opening malicious web content, an attacker may be\n able to access services running on the user's machine. (CVE-2008-1195,\n CVE-2008-1240)\n \n Chris Thomas discovered that Firefox would allow an XUL popup from an\n unselected tab to display in front of the selected tab. An attacker\n could exploit this behavior to spoof a login prompt and steal the user's\n credentials. (CVE-2008-1241)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-592-1\";\ntag_affected = \"firefox vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-592-1/\");\n script_id(840285);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"592-1\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"Ubuntu Update for firefox vulnerabilities USN-592-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:06", "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 1534-2.", "cvss3": {}, "published": "2008-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1534-2 (iceape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2007-3738", "CVE-2008-1240", "CVE-2007-5338", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60862", "href": "http://plugins.openvas.org/nasl.php?oid=60862", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1534_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1534-2 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A regression in mailnews handling has been fixed. For reference the\noriginal advisory text below:\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-4879\n\nPeter Brodersen and Alexander Klink discovered that the\nautoselection of SSL client certificates could lead to users\nbeing tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\nmoz_bug_r_a4 discovered that variants of CVE-2007-3738 and\nCVE-2007-5338 allow the execution of arbitrary code through\nXPCNativeWrapper.\n\nCVE-2008-1234\n\nmoz_bug_r_a4 discovered that insecure handling of event\nhandlers could lead to cross-site scripting.\n\nCVE-2008-1235\n\nBoris Zbarsky, Johnny Stenback, and moz_bug_r_a4 discovered\nthat incorrect principal handling can lead to cross-site\nscripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\nPalmgren discovered crashes in the layout engine, which might\nallow the execution of arbitrary code.\n\nCVE-2008-1237\n\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\nJavascript engine, which might allow the execution of arbitrary\ncode.\n\nCVE-2008-1238\n\nGregory Fleischer discovered that HTTP Referrer headers were\nhandled incorrectly in combination with URLs containing Basic\nAuthentication credentials with empty usernames, resulting\nin potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\nGregory Fleischer discovered that web content fetched through\nthe jar: protocol can use Java to connect to arbitrary ports.\nThis is only an issue in combination with the non-free Java\nplugin.\n\nCVE-2008-1241\n\nChris Thomas discovered that background tabs could generate\nXUL popups overlaying the current tab, resulting in potential\nspoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch2.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 1534-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201534-2\";\n\n\nif(description)\n{\n script_id(60862);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-30 19:28:13 +0200 (Wed, 30 Apr 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2007-3738\", \"CVE-2007-5338\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1534-2 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.8+1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-calendar\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-gnome-support\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dom-inspector\", ver:\"1.0.13~pre080323b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:00", "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 1534-1.", "cvss3": {}, "published": "2008-04-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1534-1 (iceape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2007-3738", "CVE-2008-1240", "CVE-2007-5338", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60655", "href": "http://plugins.openvas.org/nasl.php?oid=60655", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1534_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1534-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. For details\non the issues addressed in this update, please visit the referenced\nsecurity advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\n\nThe Mozilla products of the old stable distribution (sarge) are no\nlonger supported.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 1534-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201534-1\";\n\n\nif(description)\n{\n script_id(60655);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-07 20:38:54 +0200 (Mon, 07 Apr 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2007-3738\", \"CVE-2007-5338\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1534-1 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.8+1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-calendar\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dom-inspector\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-gnome-support\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"1.0.13~pre080323b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:10", "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 1535-1.", "cvss3": {}, "published": "2008-04-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1535-1 (iceweasel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2007-3738", "CVE-2008-1240", "CVE-2007-5338", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60657", "href": "http://plugins.openvas.org/nasl.php?oid=60657", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1535_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1535-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2007-4879\n\nPeter Brodersen and Alexander Klink discovered that the\nautoselection of SSL client certificates could lead to users\nbeing tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\nmoz_bug_r_a4 discovered that variants of CVE-2007-3738 and\nCVE-2007-5338 allow the execution of arbitrary code through\nXPCNativeWrapper.\n\nCVE-2008-1234\n\nmoz_bug_r_a4 discovered that insecure handling of event\nhandlers could lead to cross-site scripting.\n\nCVE-2008-1235\n\nBoris Zbarsky, Johnny Stenback, and moz_bug_r_a4 discovered\nthat incorrect principal handling can lead to cross-site\nscripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\nPalmgren discovered crashes in the layout engine, which might\nallow the execution of arbitrary code.\n\nCVE-2008-1237\n\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\nJavascript engine, which might allow the execution of arbitrary\ncode.\n\nCVE-2008-1238\n\nGregory Fleischer discovered that HTTP Referrer headers were\nhandled incorrectly in combination with URLs containing Basic\nAuthentication credentials with empty usernames, resulting\nin potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\nGregory Fleischer discovered that web content fetched through\nthe jar: protocol can use Java to connect to arbitrary ports.\nThis is only an issue in combination with the non-free Java\nplugin.\n\nCVE-2008-1241\n\nChris Thomas discovered that background tabs could generate\nXUL popups overlaying the current tab, resulting in potential\nspoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.13-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 1535-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201535-1\";\n\n\nif(description)\n{\n script_id(60657);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-07 20:38:54 +0200 (Mon, 07 Apr 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2007-3738\", \"CVE-2007-5338\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1535-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dom-inspector\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-gnome-support\", ver:\"2.0.0.13-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-07T16:39:04", "description": "The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:136141256231090014", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90014\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_tag(name:\"solution\", value:\"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\");\n\n script_tag(name:\"summary\", value:\"The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\");\n\n script_tag(name:\"impact\", value:\"Mozilla contributors moz_bug_r_a4, Boris Zbarsky,\n and Johnny Stenback reported a series of vulnerabilities which allow scripts from\n page content to run with elevated privileges. moz_bug_r_a4 demonstrated additional\n variants of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution through\n XPCNativeWrapper pollution). Additional vulnerabilities reported separately by\n Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser could be\n forced to run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution. And more...\");\n\n script_tag(name:\"deprecated\", value:TRUE); # This NVT is broken in many ways...\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\nexit(66);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-13T10:49:36", "description": "The remote host is probable affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-06-28T00:00:00", "id": "OPENVAS:90013", "href": "http://plugins.openvas.org/nasl.php?oid=90013", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: smbcl_mozilla.nasl 6467 2017-06-28 13:51:19Z cfischer $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n# Modified to implement through 'smb_nt.inc'\n# - By Sharath S <sharaths@secpod.com> On 2009-09-17\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_impact = \"Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported\n a series of vulnerabilities which allow scripts from page content to run with\n elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA\n 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper\n pollution). Additional vulnerabilities reported separately by Boris Zbarsky,\n Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to\n run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution.\";\n\ntag_summary = \"The remote host is probable affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or\n Seamonkey.\n http://www.mozilla.com/en-US/firefox/all.html\n http://www.seamonkey-project.org/releases/\n http://www.mozillamessaging.com/en-US/thunderbird/all.html\";\n\n# $Revision: 6467 $\n\nif(description)\n{\n script_id(90013);\n script_version(\"$Revision: 6467 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-28 15:51:19 +0200 (Wed, 28 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0416\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version < 2.0.0.14\n if(version_is_less(version:ffVer, test_version:\"2.0.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n # Grep for Seamonkey version < 1.1.9\n if(version_is_less(version:smVer, test_version:\"1.1.9\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n # Grep for Thunderbird version < 2.0.0.14\n if(version_is_less(version:tbVer, test_version:\"2.0.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:44:49", "description": "The remote host is probable affected by the vulnerabilitys described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:90014", "href": "http://plugins.openvas.org/nasl.php?oid=90014", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mozilla_CB-A08-0017.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is probable affected by the vulnerabilitys described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\";\n\n# $Revision: 8023 $\n\nif(description)\n{\n\n script_id(90014);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n name = \"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\";\n script_name(name);\n\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n family = \"General\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n\n # This NVT is broken in many ways...\n script_tag(name:\"deprecated\", value:TRUE); \n\n exit(0);\n}\n\nexit(66);\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\nr = find_bin(prog_name:\"firefox\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"thunderbird\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"seamonkey\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"1.1.9\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-18.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-18 (mozilla ...)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0417", "CVE-2008-1236", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-0593", "CVE-2008-1238", "CVE-2008-0413", "CVE-2008-1380", "CVE-2008-1233", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-0420", "CVE-2008-1241", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61052", "href": "http://plugins.openvas.org/nasl.php?oid=61052", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Mozilla Firefox,\nThunderbird, SeaMonkey and XULRunner, some of which may allow\nuser-assisted execution of arbitrary code.\";\ntag_solution = \"Upgrade to the latest package. For details, please visit the\nreferenced security advisory.\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the\nSeaMonkey binary ebuild, as no precompiled packages have been released.\nUntil an update is available, we recommend all SeaMonkey users to disable\nJavaScript, use Firefox for JavaScript-enabled browsing, or switch to the\nSeaMonkey source ebuild.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=208128\nhttp://bugs.gentoo.org/show_bug.cgi?id=214816\nhttp://bugs.gentoo.org/show_bug.cgi?id=218065\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-18.\";\n\n \n\nif(description)\n{\n script_id(61052);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200805-18 (mozilla ...)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 1.1.9-r1\"), vulnerable: make_list(\"lt 1.1.9-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 1.1.9\"), vulnerable: make_list(\"lt 1.1.9\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-libs/xulrunner\", unaffected: make_list(\"ge 1.8.1.14\"), vulnerable: make_list(\"lt 1.8.1.14\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:44:43", "description": "BUGTRAQ ID: 28448\r\nCVE(CAN) ID: CVE-2008-1241,CVE-2008-1240,CVE-2007-4879,CVE-2008-1238,CVE-2008-1236,CVE-2008-1237,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235\r\n\r\nFirefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002\r\n\r\nFirefox\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u5141\u8bb8\u6076\u610f\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6267\u884c\u6b3a\u9a97\u653b\u51fb\u6216\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\u3002\u7531\u4e8e\u4ee3\u7801\u5171\u4eab\uff0cThunderbird\u548cSeaMonkey\u4e5f\u53d7\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\r\n\r\n1) XPCNativeWrappers\u8c03\u7528\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7setTimeout()\u8c03\u7528\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610fJavascript\u4ee3\u7801\u3002\r\n\r\n2) Javascript\u5f15\u64ce\u4e2d\u7684\u5404\u79cd\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5185\u5b58\u7834\u574f\uff0c\u5141\u8bb8\u7528\u6237\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n3) \u5982\u679c\u5411URL\u53d1\u9001\u8bf7\u6c42\u7684HTTP Referer:\u5934\u7684Basic Authentication\u51ed\u636e\u4e2d\u7528\u6237\u540d\u4e3a\u7a7a\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u7ed5\u8fc7\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u9632\u62a4\u3002\r\n\r\n4) \u5728\u521b\u5efa\u5230\u8bf7\u6c42\u4e86SSL\u5ba2\u6237\u7aef\u8ba4\u8bc1\u7684Web\u670d\u52a1\u5668\u7684\u8fde\u63a5\u65f6\uff0cFirefox\u63d0\u4f9b\u4e86\u4e4b\u524d\u914d\u7f6e\u7684\u79c1\u6709SSL\u8bc1\u4e66\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002 \r\n\r\n5) jar:\u534f\u8bae\u5904\u7406\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u521b\u5efa\u5230\u672c\u5730\u673a\u5668\u4e0a\u4efb\u610f\u7aef\u53e3\u7684\u8fde\u63a5\u3002\r\n\r\n6) \u5728\u663e\u793aXUL\u5f39\u51fa\u7a97\u53e3\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u88ab\u5229\u7528\u9690\u85cf\u7a97\u53e3\u8fb9\u754c\uff0c\u8fd9\u6709\u52a9\u4e8e\u9493\u9c7c\u653b\u51fb\u3002\r\n\r\n\n\nMozilla Firefox <= 2.0.0.12\r\nMozilla Thunderbird <= 2.0.0.12\r\nMozilla SeaMonkey <= 1.1.8\n Mozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mozilla.org/ target=_blank>http://www.mozilla.org/</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0207-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0207-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0207.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0207.html</a>", "cvss3": {}, "published": "2008-03-31T00:00:00", "title": "Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13\u7248\u672c\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2008-03-31T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3105", "id": "SSV:3105", "sourceData": "\n http://pseudo-flaw.net/r/referer-spoofing-with-at/\r\n\r\nhttps://bugzilla.mozilla.org/attachment.cgi?id=291347 \r\nhttps://bugzilla.mozilla.org/attachment.cgi?id=291348\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3105", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2021-06-08T18:39:38", "description": "The web browser Mozilla Firefox was brought to security update version 2.0.0.13.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2008-04-04T15:01:05", "type": "suse", "title": "remote code execution in MozillaFirefox", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2008-04-04T15:01:05", "id": "SUSE-SA:2008:019", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T13:33:04", "description": "Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws \nin Firefox's character encoding handling. If a user were tricked into \nopening a malicious web page, an attacker could perform cross-site \nscripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking \na user into opening a malicious web page, an attacker could escalate \nprivileges within the browser, perform cross-site scripting attacks \nand/or execute arbitrary code with the user's privileges. \n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to crashes \nand memory corruption. If a user were tricked into opening a malicious \nweb page, an attacker may be able to execute arbitrary code with the \nuser's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP \nReferrer headers when they were sent with with requests to URLs \ncontaining Basic Authentication credentials with empty usernames. An \nattacker could exploit this vulnerability to perform cross-site request \nforgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting in \nFirefox for SSL Client Authentication allowed for users to be tracked \nvia their client certificate. The default has been changed to prompt \nthe user each time a website requests a client certificate. \n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar \nprotocol could use Java LiveConnect to connect to arbitrary ports on \nthe user's machine due to improper parsing in the Java plugin. If a \nuser were tricked into opening malicious web content, an attacker may be \nable to access services running on the user's machine. (CVE-2008-1195, \nCVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an \nunselected tab to display in front of the selected tab. An attacker \ncould exploit this behavior to spoof a login prompt and steal the user's \ncredentials. (CVE-2008-1241)\n", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1195", "CVE-2008-1234", "CVE-2008-1241", "CVE-2008-1233", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2007-4879", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-0416"], "modified": "2008-03-26T00:00:00", "id": "USN-592-1", "href": "https://ubuntu.com/security/notices/USN-592-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:56:45", "description": "Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.", "edition": 2, "cvss3": {}, "published": "2008-03-28T00:00:00", "title": "Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2008-03-28T00:00:00", "id": "SECURITYVULNS:VULN:8838", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8838", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2022-03-17T14:30:26", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1532-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 27, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235\n CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240\n CVE-2008-1241\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2007-4879\n\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\n "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.\n\nCVE-2008-1234\n\n "moz_bug_r_a4" discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n\nCVE-2008-1235\n \n Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-1237\n\n "georgi", "tgirmann" and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n\nCVE-2008-1238\n\n Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\n Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n\nCVE-2008-1241\n\n Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are\nno longer supported.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1.13-1.\n\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b.orig.tar.gz\n Size/MD5 checksum: 45764828 f7e8262a29bf69cce700927bef7300af\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1.diff.gz\n Size/MD5 checksum: 145281 bfc8c2aa41a7862e08aea26d511b0d7f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1.dsc\n Size/MD5 checksum: 1346 b9aa349380f911380c63ea80d830e714\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 35882 f2ce370eaf317061047c2ddb5d06fe9e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 175242 8fbf589810a9b9ba093f0a1edfcb35a8\n http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 35922 920c075859f9b5eefd80e15bc99d7bdd\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 2837876 633673664eed374b6430312dfb6e0c63\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 238196 c59bb911bbab99561ea6062bef50da97\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 1030224 cd6b30bdbae92062cc9df0895a9e4062\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 211622 9a16bcf2dc9628ad51e77ced0fbeded7\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 1088114 6283895f8024771715073e99ef85a3b3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 161226 d729ab085bdee6e9dcf1dce05850a14e\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 3186384 c8245333f0130863a80879c3811929db\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 906444 b70dcd7971c698078dc68f11abe5e1aa\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 764982 4a1e753e3842e06918f9323b6240f856\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 291230 57f40c7ad0e0f90387ede43c30ece309\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 70456 3b2f1ff05eadb6b0340863f1d07fc63f\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 45975008 10514a1d33bb59593369a93bf4f76de8\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 7332642 f96396caa887d64f6d74a81b5228e2b2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 385530 62d1df3e585b309fc07c5660e2f414b4\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 52438 22eab64b251c3e9ee06af63d708a82ff\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 130362 379933f55ced82411f6915d06b73a664\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 301088 fd967936c8f8acc89af1916ddb121ecc\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 738554 2d2de82747b04baad87cd396f550d1bf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 148652 d0b4c30467002dea3626d90cb3297686\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 6331562 ecd902372e4951675dc503b7090161fc\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 45177656 9a724b6f54ad3e93baac620d03bc6401\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 124378 da9982815bc3835842e9cb0237394982\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 354910 4946a918d569cccc124ee2f59be69af7\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 51862 f66865da6c44f43baa1a710f2bc7c2e3\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 669580 71e5321adeba7c1d4229e60f63d43069\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 753904 d1ff3bb62276219b7c32b6e33884172f\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 3174456 c426cff365dd6c40c563f27573360770\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 808390 e86e788d2de494f12920f643158f1b6f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 277228 63ac70cbbd875ae7fb936b1741671d54\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 303338 47356a1188c0317da55b9fd9a5a5846e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 68270 db208422feaf2260ae88cbef481aa611\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 49652 b1e665106b63bc6ad8f04cfb77d9ed11\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 116748 41cc2a92e3e04b1559dbdd7b72fb7554\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 5372530 250f5b5f520ec5928c1bd66991bbda1f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 62786 f655dcb5aeec4a2c8923c232a388b471\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 335966 50a07d15670d74e724f8e483488949e3\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 3032842 20bee79266e72f57403cb3152671086d\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 44658644 8aade9e0c4627707dd1ca99a28e132aa\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 741670 c3951402efc54ddba61955fd93d8e3ce\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 714016 c98812879b4550e6dd9e9e36b494f850\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 295656 0edd608c1d4dbb74ee978e8447f0face\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 627318 e00b9254b0fbde1ff7c439e7f944c5ae\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 138788 f0fa8a248699b29c1bb0f6bc9c42079b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 266766 d1ca812ce1ceb0eeab2ced78d0284a25\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 56664 f5a75b2bb0b2823f23842a7a59923c8c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 79828 76473d42d1d983482338404bcdc0d865\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 286608 2605ca0cd488319d2e86fb053ccf31d4\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 936698 58fc441685f9c8a0bbed396f97072bfa\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 332758 cf8c60c72fe7affa7a1ff84a17ec1aca\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 197996 0207c44d2d339999f14b774eb39120de\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 3051188 989a4d21ba77742e40a04406ac37fe74\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 531358 0e4beefa497ac52badd68a16813c100c\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 1121218 c6ad4ad7f40f89720b809e86db1970fb\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 9669140 ef137b9f65d18ec6bdad0881866bcb16\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 149248 8dd09b6e7cfbd14793e308c7a96f6961\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 756024 b553fb0b46c31c24ba97703758c9631d\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 45389676 d6aa7c13c2213f62c5c302a3a60344f2\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 785092 4edf15273e68511a2d446dd07d0dd809\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 46723876 ee24fe73fd2300a8b2de27273085f6eb\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 3289318 586bc4d51c3b8d7ccd60e42ef5c98753\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 274386 7311c00c61911e38d78f6ecac78047c5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 63498 05c52433cb018f6f69f1478f8ad3a327\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 311870 7f9eb42dbc6b12dbdcf1b0d0542332d6\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 50778 8bed283129f6829b14ffdd412a5ff263\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 118094 245b435752a2bb02fb2462ff2a10db6a\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 669864 f9f020be575216a0928462f1d8e90ef4\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 5946452 27ae0bd5b72056f79be3032aa32d3e3f\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 145790 851c54d5d237ff610b3d5ab98d5fde5a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 351584 5f32453811c2992e2e52f0f574909fdb\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 808368 077cf1def9c63a018ba5ba94a4016576\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 117784 1572f36c48293326a866cdfe34cfdfae\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 145356 1bf8c9026f7e86a4dd9a4a226c01c2b3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 350146 c52571ed70ce5ba88eb745691bf01ebb\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 669682 1d6d7b0cce2283b9d468f7e9e63014e1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 64070 029439008e32a309b2c48a2cc40e9540\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 304858 ae2b98349c0c6e833c4b446bfe3e6c6e\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 51366 4d5c48175269f4bba867a894cd680487\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 45326432 ad07c2fc78e16fc9787fc6aa5d520c38\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 3186104 d54c0bd3b7f5d0aa38863bae901494ae\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 765954 dec06465580de9d6777110f111681df6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 273808 d8048e010b2e3f4d8ac5f8566c59594c\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 784690 d5e82d07385de9c3d486ccdf0292db6d\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 5745222 3efa9fc25037a4f4747a1f2d9515476b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 46906058 3e248440ae765c7ed64bf9dcc62bd5eb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 348768 26c683a72ad08d4f7f6759ad43ccc7de\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 639430 6566ef1a600701d73d9bbfa61a5a46ed\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 52632 93cf2165ae5639afe615f43fb04ea13c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 278018 c2ed2d505e3caab62b3ba4a2225d85e6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 63986 5e0452a82a88dd1c0a9bd34faffbec6b\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 6101626 af82f05e648802c03a18dc5de96b5033\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 809428 1e80fe2da6becf2a15d971b22e404650\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 773254 95e411af4fc1b2e4426bc073d81e49ef\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 310316 c0bddab9d07772942034e5fddd5ad9e4\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 123254 9961833815143c8ce15cdb2e553edceb\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 147112 e4d0ad40cc109ae0cd14d92bd338f902\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 3207168 551666c0a866c3304d853d83e02dacd2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 687758 757fa88a79dbae077be47e8bf1494a10\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 305978 19ae358d489bb7fc82bfb1ebd686626a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 281708 2255e5dd1d696e337930a14588741739\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 898196 95922b0ea1711d700bf090eed5782eb0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 755712 3589abdc1c72b80fa2480c359c436f23\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 3180612 f95a6db580e98f6b023ce13abd4a62ca\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 6807102 06d0aec7760683f47ddb47e3fb049a98\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 46039278 d9188f5282b60f333f1a2bafd0ad2867\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 68972 c80df62d2f503e5bee986f6aa9215a65\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 52866 8fcb54ef65fd1b95f1106662c66ebc88\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 371524 a417939e58bf7e005995da13b81b1c3c\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 159698 42ce7553a3bb90bd0cd5526cac51e82b\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 126174 c70ff0e986ef87352c609db8d38ee9a2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 322582 2c18a34bd799015fa0807021bed307be\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 117932 7c43500e827c70d2d2bd0e701f3e9aca\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 260210 5d629ece7be7fed2984404bad20c3c31\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 718838 9f00574bc04a2a40cf34ad0abff46ad4\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 585340 f47998d5f69b8e4cdab0fcb8fc43ff6e\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 44751342 0c441a5d7f99f9ce0828ffe83f677282\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 62272 cbb5218e8dd7697831759096450af93c\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 283370 89f4d127c00856f5f03cdf526278953e\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 50750 2a1c75692c21c72caafff2259fd96be6\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 2853850 8a7b99a0dfed7669ebd669db8d5b01c9\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 135910 99bc8823167b2a0657a52a25fbc2a609\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 674772 5ef9d0792cdba9211452c75d1daf365b\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 5681186 a9e27572a661821abad23967ac4d8543\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-03-27T22:01:06", "type": "debian", "title": "[SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2008-03-27T22:01:06", "id": "DEBIAN:DSA-1532-1:C8439", "href": "https://lists.debian.org/debian-security-announce/2008/msg00100.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T14:30:19", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1534-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 28, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235\n CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240\n CVE-2008-1241\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-4879\n\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\n "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.\n\nCVE-2008-1234\n\n "moz_bug_r_a4" discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n\nCVE-2008-1235\n \n Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered\n that incorrect principal handling can lead to cross-site\n scripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-1237\n\n "georgi", "tgirmann" and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n\nCVE-2008-1238\n\n Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\n Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n\nCVE-2008-1241\n\n Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\n\nThe Mozilla products of the old stable distribution (sarge) are no\nlonger supported.\n\nWe recommend that you upgrade your iceape packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1.dsc\n Size/MD5 checksum: 1439 bbddb3a4298f074ef44d28726cb899a7\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1.diff.gz\n Size/MD5 checksum: 270153 f1f5729e8f0ae75037263ce466411f93\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz\n Size/MD5 checksum: 42900009 f2a3c50d814f6e7015f779b10494fac8\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27452 67eb8b78d13a177e8060ba1010f3aba5\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 28426 1cfeb741553c331bf3a05d3d615ed45e\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27584 fbc1fd43eda2b6a1e013d6500f2a4251\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27472 07d0092d76d3b0e20b4abdb7bfda5cb9\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 28852 bfae5642743dbbec8d2ff16aa33210a2\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27466 593903e4433b310299117247b834b7b6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 3928454 ee73849da0e9a4399c5a3e4050a84c6d\n http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27440 fb68ab7bd171309832a5cea94634709d\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27488 281d7a31a496908717da53d533cc92c8\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27488 fab5cb4acfcd6eb254f2d75c260b7f19\n http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 282162 2801947ecfc25f4e5f442a04f84f748e\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch1_all.deb\n Size/MD5 checksum: 27456 11a309344c4747e73c22c241437cbaa5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 12888480 7921f3f3e15968908ed4e5fbd56aab8d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 626308 0053fb055c3ee9d03245374ebd4f0f8e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 198042 22c7d5ffd0b357f79f751a4bd037ff90\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 60661454 be0eafd95ec914846264becfce3352f1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 54236 06a465db7cfcd7b822d0fbc3eeb9dbe8\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_alpha.deb\n Size/MD5 checksum: 2283086 90f46111bb978c369b686cf8ac6b7601\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 2099810 07b28b205c7eefc3a3877ea97b196e2f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 11691952 177221b9335ee60a5714358026c42415\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 53616 77e7d16213280b74557a8e6b382b9a2e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 614092 f2cbc1715ac37d18f88bc4f55f6aaec1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 195316 63ab323bcf8f343375e15e771e81ab0a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_amd64.deb\n Size/MD5 checksum: 59662720 f39cbc78e542cb0b1cbee1c41bd270a2\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 48682 3f6be3fa9e4faf9b33ace249b3cae873\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 1891680 7d060689b282d8338075d41e1b74edfa\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 10480134 a454aa4169bdc8c33055acc1d1c84e31\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 589222 21928b5b2d70379970a3fac0dc6a06e4\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 190034 a955b664d5c5a04831bbd0504ce0f661\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_i386.deb\n Size/MD5 checksum: 58740636 520dac74cff1a3ca6f9bfa4dfe20a9a2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 2817286 5e9c004f5c549d7f9d97f973d64a1ea0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 59919906 79ff779faed87a05338b396966a9dc4e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 62136 e48897dfff4fb298733ff2a95e1a1087\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 662110 f2e7e73357eb4b997aecef7055c3f33f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 15794020 7f278b9e166a936a7910bf3756b14a74\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_ia64.deb\n Size/MD5 checksum: 204956 9995011c479f89d6bc30340f9c12cefa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 599712 25733a7076ffa75701fc5b602ac18109\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 50154 509c15bc0ec88ee22fdd6f808a7a28cc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 1959486 7c51ab276c725e6973fc7184c99384b2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 11157502 d6a4e81674b7a779d55beda2eadec238\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 61513330 70f6d19279890154f0fce90f55ba205f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_mips.deb\n Size/MD5 checksum: 191252 86cbc31711645f2fc0c8c9dbebcb750f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 191486 4c713676077a8ed9757d4ba26ec6dda0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 10910618 39f5b0ba8e2820b9d4e04423c39afe23\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 596164 cf1651c09d984cf9748eed698d28f4d1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 49998 6859bf75d6d84d40f52fab864dfc0c86\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 59864430 875cb3f035a468c7a798baeb43aeae56\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_mipsel.deb\n Size/MD5 checksum: 1942462 d8b585c728d1c3c79794340ab36f149d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 2006632 cb5d4644f988da299d5d2981d65624e3\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 596412 20b7d022fc264028ff3bd98f0880c0a8\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 192266 ccc58d21f227b6f76418a02dae9ee465\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 61653568 4573fd2de80ddb97b43e59b43c03c21b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 49458 6ab4067f7480066a0ba9dafb50c10634\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_powerpc.deb\n Size/MD5 checksum: 11310320 2583312ad8822789d7e1331168ba85be\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 60408236 61255bd3e79604b8a7e969001328f838\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 12287744 9d77ab82ad6113e433f7326ad356780f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 197132 f93d1c741a8a63303fc89ae76aeaa869\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 611904 6a7bdbee38806943338ad71a5eb4bdc0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 54206 0a4ed8eb13c620548650bd3cd92f1637\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_s390.deb\n Size/MD5 checksum: 2186016 fcfd0fd599884e1415f03ddbc29bb3ae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 189920 534d2f5cc56549b87576e038114466c4\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 48260 c9be9a7854ea7876c89048f0cc0b0a00\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 58546302 19a562c621f0347ec994a95e51244014\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 585528 78f5742b546957c8e2b405186cb6e202\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 1896246 b21c759518c193e4bc8956d96fa5e9af\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_sparc.deb\n Size/MD5 checksum: 10659660 d2c72f953bcdd7a11f62a0adaa91246e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-03-28T13:48:02", "type": "debian", "title": "[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2008-03-28T13:48:02", "id": "DEBIAN:DSA-1534-1:C0870", "href": "https://lists.debian.org/debian-security-announce/2008/msg00102.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T01:35:57", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1534-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235\n CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240\n CVE-2008-1241\n\nA regression in mailnews handling has been fixed. For reference the\noriginal advisory text below:\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-4879\n\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\n "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.\n\nCVE-2008-1234\n\n "moz_bug_r_a4" discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n\nCVE-2008-1235\n \n Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered\n that incorrect principal handling can lead to cross-site\n scripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-1237\n\n "georgi", "tgirmann" and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n\nCVE-2008-1238\n\n Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\n Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n\nCVE-2008-1241\n\n Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch2.\n\nWe recommend that you upgrade your iceape packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch2.diff.gz\n Size/MD5 checksum: 270431 fc94cccf043f45b5bd2f1ea2d6b9b225\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch2.dsc\n Size/MD5 checksum: 1439 3a1c421b0d61223760b7724dcf7ff6d9\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz\n Size/MD5 checksum: 42900009 f2a3c50d814f6e7015f779b10494fac8\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 28532 87c74c4e89522054101318d3a6aaaef9\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27594 5795424a813f6d765400d27852161904\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27568 7b63ae9c6c56a43ae9db63e2f4c0ff85\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27576 a3cb70fb2e4811959f447c35effd3dcc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 3928614 14cc24bbe9b509d69db0a20ccc1de079\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27558 bde53046463a722d1831cb45a59bb3cf\n http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27560 62b1ef313aa14596c934a8121eb412c2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 282312 6df637681e0a66b1bf68833b347b2124\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 28966 549dc26dd898c58013aeb624098d5db1\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27582 9c5919265f60ed5ba60075bc9b5102dc\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27596 9aa97c6c5f94155ec3e8d36c2414fd1d\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch2_all.deb\n Size/MD5 checksum: 27694 c2a812caa94a72724bb98ec8cfc93249\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 12886108 2d9a38d95503842a3832aed859f0f80a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 2281642 791f3a80ebdb173c2f9d0ff152f976c9\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 627482 5729fa2e2f72dfa803e37a99b461417b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 54972 11524f4ed3875809260eac9a6c0325a0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 60658744 e56cb39f56de70aaf7a201b0e13d309a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_alpha.deb\n Size/MD5 checksum: 199028 8d154e497acf9e7796390f2b1c1501dd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 59663026 37829add13c621e391eb2c6c9e047ca7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 2099876 895840b306a190900c44dc4088961c50\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 11692150 69a227342b3e5d563a716149eadfc7ca\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 53740 d716f72d98622c3c97a679705426c2d5\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 195436 c5838a1fcb25f0588abed9da193c06ce\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_amd64.deb\n Size/MD5 checksum: 614236 0483f95d4be4d1a5b359a3864bc466f4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 586622 65a7a73dc018e2c1c77c26a412510e7d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 58798986 33ad7943133f5f00672dcdeaa245f057\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 10426214 24dbab44f5ab57bccd1a0bfbb0f17680\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 187090 57015ccb41fa214c46cd79b696d14198\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 47796 e0c6b965e643018af3abb27d41a01c38\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_arm.deb\n Size/MD5 checksum: 1916922 36584dddf43f46a70412fe794991d07e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 55158 0f80d4449589b0b77c8ef469ed9c2102\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 619606 4ac9462c322063202406f20eb08b6adb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 198562 7dcaaf89e91e427acefa886275f2606c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 12991842 40dbc4f08611a986d30c358b4c442cab\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 2349778 0400cc18d7078e6a5c9d675cc5ec935d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_hppa.deb\n Size/MD5 checksum: 60520824 a501cd292183eb7a909cdc481302cc9d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 1891942 8b55f7fffc8dda99a78c8deb587b3601\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 48796 920f9ba79b92a527149a3f8e3ca9e80f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 58740626 87ac20b038ce496fe0dec8fc78f8fb66\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 190146 7d2da0e3a0a4291f5a78da36e4d91758\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 589368 c07d98219b6c237b4ecdc8cc24dde349\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_i386.deb\n Size/MD5 checksum: 10480450 b302009b8337411c5b1cc59a394249a9\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 62286 ae7ef14b5c6bc27032715154c3b830d1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 205078 7ffa6a5b770b336fe224c9c659e22236\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 2817294 c1330dea34afd59505ba68496dfc9de0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 59920064 1e9f504516f7e024e3aa7df03b7859c4\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 15794360 5a0009de6fe96fd8745b6d1da4f57512\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_ia64.deb\n Size/MD5 checksum: 662296 a147dba65a655f2ffc4bc2dba80d062a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 11157426 2894d4aa411f541d24321e7cfc8c40dc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 1959586 8245d1d89e210dc64822059177c60935\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 191382 993aa97774959191af28842e469ee122\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 50272 71182383f85762af687451ac3ef38824\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 599816 32d92af3b4068d460b27aea4a2941ef5\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_mips.deb\n Size/MD5 checksum: 61513408 ddaa38162de39210cf0372b66d277afd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 10910758 dc4b71d0b3b3877411f1d6434152ae60\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 191610 9829f7d8bf6d3057b575f44f2e42d7ba\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 596352 1fbd24b1af0f0a8f09fa6caabd05f9d1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 50114 5321e20192aba965da843116d5198a81\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 59864402 a591a34d73e69d6f8ba4985f7398cb60\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_mipsel.deb\n Size/MD5 checksum: 1942674 7e8584f9c790ab330d760e0589a8a657\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 596578 8ca91ddc369b7c2ef83d0cd1596cd644\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 192394 87211ca1331a30d20a2c899ce647cfc2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 49580 f483e34bfbe4f072ba48fe4467c6d9eb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 2006802 cd1f36cb35b56996ed18ccc2bce77769\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 61653704 d6a8402134109d8aa8d086f5a014e180\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_powerpc.deb\n Size/MD5 checksum: 11310660 d7775c0b98494daec085df09bdbc87c8\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 197250 556af0df979862515c7a58f9b823cec7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 54332 ef3f1234a167fa3056075501d4ab7ccb\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 612090 5b6a56753f5a39caa9336a9dd5e6f67c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 2186154 c106802c2fbf29e99beb440ade898d06\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 60408796 7169c59d6b3ea8758e6ca752a44b537d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_s390.deb\n Size/MD5 checksum: 12288118 e54834b616bba85af29add06b7c18be7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 585692 caea96e57a9283b7978ad15fcc6a378c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 1896400 609528b7ee5eb3ca761853daf8a5f619\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 10659906 27159c6c7c281cbf50e8b6f8bcb9164a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 58546410 4d394093ea9de39766982f3047fd3f9b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 190044 f0a2981d7f48f1c8e3cec1fb9b9ec6ed\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch2_sparc.deb\n Size/MD5 checksum: 48396 ad3f586fd1c9f3239fa1a587fcc1603e\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-04-24T21:02:40", "type": "debian", "title": "[SECURITY] [DSA 1534-2] New iceape packages fix regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2008-04-24T21:02:40", "id": "DEBIAN:DSA-1534-2:56C6B", "href": "https://lists.debian.org/debian-security-announce/2008/msg00129.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-26T15:59:00", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1535-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 30, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235\n CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240\n CVE-2008-1241\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2007-4879\n\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n\nCVE-2008-1233\n\n "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.\n\nCVE-2008-1234\n\n "moz_bug_r_a4" discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n\nCVE-2008-1235\n \n Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered\n that incorrect principal handling can lead to cross-site\n scripting and the execution of arbitrary code.\n\nCVE-2008-1236\n\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-1237\n\n "georgi", "tgirmann" and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n\nCVE-2008-1238\n\n Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n\nCVE-2008-1240\n\n Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n\nCVE-2008-1241\n\n Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.13-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\nWe recommend that you upgrade your iceweasel packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for amd64, arm, 386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.diff.gz\n Size/MD5 checksum: 186301 53f3006d2e0e33c5c3b9b2e5455dceda\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.dsc\n Size/MD5 checksum: 1289 4cae6173a998d828c2482342990d278a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13.orig.tar.gz\n Size/MD5 checksum: 43550925 d9581b7ecfadc75faab6745b27f153fb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54124 1c174b651e317df30e5fdeba88d0ec55\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54384 5edb0209f67852029483cbcba18f5c92\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54274 7b8c2847eccc00fe3fd8b867e9d71acf\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54242 92384349e31851e1b0119552cb07f44d\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54124 45d17d43f0b99aeb176375edd4c75d76\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 239444 393dcf03f5b94cf95be68525b89492bf\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.13-0etch1_all.deb\n Size/MD5 checksum: 54914 6540e2954f40e3bc63bf74bc4fd8b674\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_amd64.deb\n Size/MD5 checksum: 10194518 754786f9c4fdc37b85cf89834e9cbdb5\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_amd64.deb\n Size/MD5 checksum: 50099150 ca0f49a7edcb77cbdd7cad9f6d0ea069\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_amd64.deb\n Size/MD5 checksum: 87670 338c9a70618805a6ffb822269101b044\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_arm.deb\n Size/MD5 checksum: 9243714 c57fc912cd587993569f30cca27ece6c\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_arm.deb\n Size/MD5 checksum: 49186638 1574200afef731f356faf15092f2721a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_arm.deb\n Size/MD5 checksum: 81406 c80e04d7cb727b3cdb2144819bf7f028\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_i386.deb\n Size/MD5 checksum: 81770 8b584c2e16fc0eb7bd8c11d27a68f8e5\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_i386.deb\n Size/MD5 checksum: 9107570 8ac43d77b6449acbecd281b1e5f2e9ac\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_i386.deb\n Size/MD5 checksum: 49495882 81830f6ad26fa886669d90b887433e77\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_ia64.deb\n Size/MD5 checksum: 99988 d28403a679b81194e3f65e1b1cec1220\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_ia64.deb\n Size/MD5 checksum: 50453990 eb2fc53f839647fb1584012b126b661b\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_ia64.deb\n Size/MD5 checksum: 14130102 d8e18be59e8d5c800e606ae69708f124\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mips.deb\n Size/MD5 checksum: 53881214 78264349841c07851ae9077e12506456\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mips.deb\n Size/MD5 checksum: 11049744 2b030d2cfc9cc25127a83a27a3acb180\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mips.deb\n Size/MD5 checksum: 82892 413e9bbb536e91cb9374bc7660034f43\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mipsel.deb\n Size/MD5 checksum: 10750920 c4f9f270a9dc3bb9a4c7fb653672ca61\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mipsel.deb\n Size/MD5 checksum: 52448404 2adcb659d1f1eacbe089e6ecf5c1a577\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mipsel.deb\n Size/MD5 checksum: 82932 cf40c0bddc35bbcc0ad25bdd5b75cc70\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_powerpc.deb\n Size/MD5 checksum: 51896022 22d862ee8df86400f7cf1e92fcbe8299\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_powerpc.deb\n Size/MD5 checksum: 83486 3cfbd6d6e50cba5ee0f9f2a64c582bbb\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_powerpc.deb\n Size/MD5 checksum: 9925618 b0790a2eaa530ae0c14cf3e4e087c156\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_s390.deb\n Size/MD5 checksum: 87860 6cf8c562ea26ef6b4966990380d0dbaa\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_s390.deb\n Size/MD5 checksum: 10344926 36b3aa8464d05e8f62c7526df1edb90d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_s390.deb\n Size/MD5 checksum: 50768124 95d62e4679469eda4932f22ef004e3e1\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_sparc.deb\n Size/MD5 checksum: 81614 4c1326aaae9821365b4baab2c692e5f0\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_sparc.deb\n Size/MD5 checksum: 9129464 dc5b96ef06e08ee830411f043ead9836\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_sparc.deb\n Size/MD5 checksum: 49108664 fee19c03f569025e398d02e1c63af3c4\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-03-30T12:22:31", "type": "debian", "title": "[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2008-03-30T12:22:31", "id": "DEBIAN:DSA-1535-1:5D1F2", "href": "https://lists.debian.org/debian-security-announce/2008/msg00104.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-04T05:01:54", "description": "\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\n\n* [CVE-2007-4879](https://security-tracker.debian.org/tracker/CVE-2007-4879)\nPeter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n* [CVE-2008-1233](https://security-tracker.debian.org/tracker/CVE-2008-1233)\nmoz\\_bug\\_r\\_a4 discovered that variants of [CVE-2007-3738](https://security-tracker.debian.org/tracker/CVE-2007-3738) and\n [CVE-2007-5338](https://security-tracker.debian.org/tracker/CVE-2007-5338) allow the execution of arbitrary code through\n XPCNativeWrapper.\n* [CVE-2008-1234](https://security-tracker.debian.org/tracker/CVE-2008-1234)\nmoz\\_bug\\_r\\_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n* [CVE-2008-1235](https://security-tracker.debian.org/tracker/CVE-2008-1235)\nBoris Zbarsky, Johnny Stenback and moz\\_bug\\_r\\_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.\n* [CVE-2008-1236](https://security-tracker.debian.org/tracker/CVE-2008-1236)\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n* [CVE-2008-1237](https://security-tracker.debian.org/tracker/CVE-2008-1237)\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n* [CVE-2008-1238](https://security-tracker.debian.org/tracker/CVE-2008-1238)\nGregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n* [CVE-2008-1240](https://security-tracker.debian.org/tracker/CVE-2008-1240)\nGregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n* [CVE-2008-1241](https://security-tracker.debian.org/tracker/CVE-2008-1241)\nChris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1.13-1.\n\n\nWe recommend that you upgrade your xulrunner packages.\n\n\n", "cvss3": {}, "published": "2008-03-27T00:00:00", "type": "osv", "title": "xulrunner", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2022-07-04T02:33:37", "id": "OSV:DSA-1532-1", "href": "https://osv.dev/vulnerability/DSA-1532-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T05:02:24", "description": "\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2007-4879](https://security-tracker.debian.org/tracker/CVE-2007-4879)\nPeter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n* [CVE-2008-1233](https://security-tracker.debian.org/tracker/CVE-2008-1233)\nmoz\\_bug\\_r\\_a4 discovered that variants of [CVE-2007-3738](https://security-tracker.debian.org/tracker/CVE-2007-3738) and\n [CVE-2007-5338](https://security-tracker.debian.org/tracker/CVE-2007-5338) allow the execution of arbitrary code through\n XPCNativeWrapper.\n* [CVE-2008-1234](https://security-tracker.debian.org/tracker/CVE-2008-1234)\nmoz\\_bug\\_r\\_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n* [CVE-2008-1235](https://security-tracker.debian.org/tracker/CVE-2008-1235)\nBoris Zbarsky, Johnny Stenback and moz\\_bug\\_r\\_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.\n* [CVE-2008-1236](https://security-tracker.debian.org/tracker/CVE-2008-1236)\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n* [CVE-2008-1237](https://security-tracker.debian.org/tracker/CVE-2008-1237)\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n* [CVE-2008-1238](https://security-tracker.debian.org/tracker/CVE-2008-1238)\nGregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n* [CVE-2008-1240](https://security-tracker.debian.org/tracker/CVE-2008-1240)\nGregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n* [CVE-2008-1241](https://security-tracker.debian.org/tracker/CVE-2008-1241)\nChris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\n\n\nWe recommend that you upgrade your iceape packages.\n\n\n", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "osv", "title": "iceape - regression", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2022-07-04T02:33:13", "id": "OSV:DSA-1534-2", "href": "https://osv.dev/vulnerability/DSA-1534-2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T05:02:31", "description": "\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2007-4879](https://security-tracker.debian.org/tracker/CVE-2007-4879)\nPeter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n* [CVE-2008-1233](https://security-tracker.debian.org/tracker/CVE-2008-1233)\nmoz\\_bug\\_r\\_a4 discovered that variants of [CVE-2007-3738](https://security-tracker.debian.org/tracker/CVE-2007-3738) and\n [CVE-2007-5338](https://security-tracker.debian.org/tracker/CVE-2007-5338) allow the execution of arbitrary code through\n XPCNativeWrapper.\n* [CVE-2008-1234](https://security-tracker.debian.org/tracker/CVE-2008-1234)\nmoz\\_bug\\_r\\_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n* [CVE-2008-1235](https://security-tracker.debian.org/tracker/CVE-2008-1235)\nBoris Zbarsky, Johnny Stenback and moz\\_bug\\_r\\_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.\n* [CVE-2008-1236](https://security-tracker.debian.org/tracker/CVE-2008-1236)\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n* [CVE-2008-1237](https://security-tracker.debian.org/tracker/CVE-2008-1237)\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n* [CVE-2008-1238](https://security-tracker.debian.org/tracker/CVE-2008-1238)\nGregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n* [CVE-2008-1240](https://security-tracker.debian.org/tracker/CVE-2008-1240)\nGregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n* [CVE-2008-1241](https://security-tracker.debian.org/tracker/CVE-2008-1241)\nChris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.13-0etch1.\n\n\nWe recommend that you upgrade your iceweasel packages.\n\n\n", "cvss3": {}, "published": "2008-03-30T00:00:00", "type": "osv", "title": "iceweasel", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2022-07-04T02:33:03", "id": "OSV:DSA-1535-1", "href": "https://osv.dev/vulnerability/DSA-1535-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T04:59:22", "description": "\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2007-4879](https://security-tracker.debian.org/tracker/CVE-2007-4879)\nPeter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.\n* [CVE-2008-1233](https://security-tracker.debian.org/tracker/CVE-2008-1233)\nmoz\\_bug\\_r\\_a4 discovered that variants of [CVE-2007-3738](https://security-tracker.debian.org/tracker/CVE-2007-3738) and\n [CVE-2007-5338](https://security-tracker.debian.org/tracker/CVE-2007-5338) allow the execution of arbitrary code through\n XPCNativeWrapper.\n* [CVE-2008-1234](https://security-tracker.debian.org/tracker/CVE-2008-1234)\nmoz\\_bug\\_r\\_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.\n* [CVE-2008-1235](https://security-tracker.debian.org/tracker/CVE-2008-1235)\nBoris Zbarsky, Johnny Stenback and moz\\_bug\\_r\\_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.\n* [CVE-2008-1236](https://security-tracker.debian.org/tracker/CVE-2008-1236)\nTom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n* [CVE-2008-1237](https://security-tracker.debian.org/tracker/CVE-2008-1237)\ngeorgi, tgirmann and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.\n* [CVE-2008-1238](https://security-tracker.debian.org/tracker/CVE-2008-1238)\nGregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.\n* [CVE-2008-1240](https://security-tracker.debian.org/tracker/CVE-2008-1240)\nGregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.\n* [CVE-2008-1241](https://security-tracker.debian.org/tracker/CVE-2008-1241)\nChris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\n\n\nWe recommend that you upgrade your iceape packages.\n\n\n", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "osv", "title": "iceape", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2007-6589", "CVE-2008-0420", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2022-07-04T02:45:19", "id": "OSV:DSA-1534-1", "href": "https://osv.dev/vulnerability/DSA-1534-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:20", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird. \n\n### Description\n\nThe following vulnerabilities were reported in all mentioned Mozilla products: \n\n * Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). \n * Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). \n * David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). \n * moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). \n * Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). \n * moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). \n * Gerry Eisenhaur discovered a directory traversal vulnerability when using \"flat\" addons (CVE-2008-0418). \n * Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the \"0x80\" character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). \n\nThe following vulnerability was reported in Thunderbird and SeaMonkey: \n\n * regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). \n\nThe following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: \n\n * The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n * hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). \n * Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a \"canvas\" feature (CVE-2008-0420). \n * Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). \n * oo.rio.oo discovered that a plain text file with a \"Content-Disposition: attachment\" prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). \n * Martin Straka reported that the \".href\" property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). \n * Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the \"Referer:\" HTTP header are removed (CVE-2008-1238). \n * Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). \n * Gregory Fleischer reported that web content fetched via the \"jar:\" protocol was not subject to network access restrictions (CVE-2008-1240). \n\nThe following vulnerabilities were reported in Firefox: \n\n * Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). \n * Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). \n * Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-2.0.0.14\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-bin-2.0.0.14\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-2.0.0.14\"\n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-bin-2.0.0.14\"\n\nAll SeaMonkey users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-1.1.9-r1\"\n\nAll SeaMonkey binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-1.1.9\"\n\nAll XULRunner users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/xulrunner-1.8.1.14\"\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild.", "cvss3": {}, "published": "2008-05-20T00:00:00", "type": "gentoo", "title": "Mozilla products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2008-05-20T00:00:00", "id": "GLSA-200805-18", "href": "https://security.gentoo.org/glsa/200805-18", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}

Mozilla Foundation Security Advisory 2008-17

Description

Related