Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.
Workaround

 1. Open the Options/Preferences dialog.
 2. Go to the "Content" tab.
 3. Click the "Advanced..." button on the same line as the "Enable JavaScript" checkbox.
 4. Uncheck the "Move or resize existing windows" box.
Mozilla Foundation Security Advisory 2008-40

Title: Forced mouse drag
Impact: Low
Announced: September 23, 2008
Reporter: Paul Nickerson, Liu Die Yu
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0.2
 Firefox 2.0.0.17
 SeaMonkey 1.1.12

References

 * https://bugzilla.mozilla.org/show_bug.cgi?id=329385
 * CVE-2008-3837
CVE-2008-3837 (NVD): Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. CVSS v2 base score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C).
https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014873.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?807ed49c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014874.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f02b8822\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014875.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95a3925b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014876.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?859df869\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c562682\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27efaa31\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014879.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2297c7ec\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014880.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e12c3c6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17e217fa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014882.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70f80df7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014883.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aadc226\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb101b51\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a936866\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cairo-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"Miro-1.2.4-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"blam-1.8.5-2.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"cairo-dock-1.6.2.3-1.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"chmsee-1.0.1-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"devhelp-0.19.1-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-2.22.2-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-extensions-2.22.1-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"evolution-rss-0.1.0-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"firefox-3.0.2-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"galeon-2.0.5-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-python2-extras-2.19.1-18.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-web-photo-0.3-14.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"google-gadgets-0.10.1-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-21.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"kazehakase-0.5.5-1.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mozvoikko-0.9.5-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mugshot-1.2.2-2.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"ruby-gnome2-0.17.0-2.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"totem-2.23.2-7.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"xulrunner-1.9.0.2-1.fc9\")) 
flag++;\nif (rpm_check(release:\"FC9\", reference:\"yelp-2.22.1-5.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / cairo-dock / chmsee / devhelp / epiphany / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:24", "description": "An updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. 
(CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2008:0879)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:devhelp-devel", "p-cpe:/a:centos:centos:nss-devel", "p-cpe:/a:centos:centos:xulrunner-devel", "p-cpe:/a:centos:centos:nss-pkcs11-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner-devel-unstable", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:yelp", "p-cpe:/a:centos:centos:nss-tools", "p-cpe:/a:centos:centos:devhelp", "p-cpe:/a:centos:centos:nss", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0879.NASL", "href": "https://www.tenable.com/plugins/nessus/43709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0879 and \n# CentOS Errata and Security Advisory 2008:0879 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43709);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n script_bugtraq_id(31346);\n 
script_xref(name:\"RHSA\", value:\"2008:0879\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2008:0879)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. 
You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015266.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?881a32b4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015267.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48608290\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015271.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aabe779\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2846e25\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f98e4c12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"firefox-3.0.2-3.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-devel-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.0.2-3.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-3.12.1.1-1.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-devel-3.12.1.1-1.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-pkcs11-devel-3.12.1.1-1.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-tools-3.12.1.1-1.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", 
reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / nss / nss-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:00", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. 
You can find a link to the\nMozilla advisories in the References section.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080923_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60475);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. 
A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the\nMozilla advisories in the References section.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0809&L=scientific-linux-errata&T=0&P=1049\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f15bc8bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.2-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nspr-4.7.0.99.2-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nspr-devel-4.7.0.99.2-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-3.11.99.5-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-devel-3.11.99.5-3.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"devhelp-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"devhelp-devel-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0.2-3.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-devel-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-pkcs11-devel-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-tools-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"xulrunner-devel-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:16", "description": "An updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. 
You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.", "edition": 28, "published": "2008-09-24T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2008:0879)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:yelp", "p-cpe:/a:redhat:enterprise_linux:nss-devel", "p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:nss-tools", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "p-cpe:/a:redhat:enterprise_linux:devhelp-devel", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:nss", "p-cpe:/a:redhat:enterprise_linux:devhelp"], "id": "REDHAT-RHSA-2008-0879.NASL", "href": "https://www.tenable.com/plugins/nessus/34274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0879. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34274);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0879\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2008:0879)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. 
This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4068\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d74da4\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0879\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0879\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.0.2-3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-0.12-19.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-devel-0.12-19.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.0.2-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-devel-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-pkcs11-devel-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nss-tools-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nss-tools-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nss-tools-3.12.1.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.0.2-5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.0.2-5.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / nss / nss-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:14", "description": "From Red Hat Security Advisory 2008:0879 :\n\nAn updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. 
(CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : firefox (ELSA-2008-0879)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:nss-pkcs11-devel", "p-cpe:/a:oracle:linux:yelp", "p-cpe:/a:oracle:linux:devhelp", "p-cpe:/a:oracle:linux:xulrunner-devel-unstable", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:nss-devel", "p-cpe:/a:oracle:linux:nss", "p-cpe:/a:oracle:linux:devhelp-devel", "p-cpe:/a:oracle:linux:nss-tools", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2008-0879.NASL", "href": "https://www.tenable.com/plugins/nessus/67744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0879 and \n# Oracle 
Linux Security Advisory ELSA-2008-0879 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67744);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0879\");\n\n script_name(english:\"Oracle Linux 5 : firefox (ELSA-2008-0879)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0879 :\n\nAn updated firefox package that fixes various security issues is now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. 
A web\npage containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the\nMozilla advisories in the References section.\n\nAll firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000741.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pkcs11-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-devel-0.12-19.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.0.2-3.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-devel-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-pkcs11-devel-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-tools-3.12.1.1-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.0.2-5.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.0.2-5.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-unstable-1.9.0.2-5.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"yelp-2.16.0-21.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / nss / nss-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:35", "description": "This update brings the mozilla-xulrunner190 engine to version 1.9.0.3,\nfixing a number of bugs and security problems :\n\nMFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: 
traversal\nvulnerabilities\n\nMFSA 2008-43: BOM characters stripped from JavaScript before execution\nCVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped\nlow surrogates bug\n\nMFSA 2008-42 Crashes with evidence of memory corruption\n(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash\nin the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor,\nGeorgi Guninski, and Antoine Labour reported crashes in the JavaScript\nengine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers\nreported crashes in the layout engine which only affected Firefox 3.\nCVE-2008-4064: David Maciejak and Drew Yao reported crashes in\ngraphics rendering which only affected Firefox 3.\n\nMFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution\nCVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059:\nXPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents\nwithout script handling objects\n\nMFSA 2008-40 / CVE-2008-3837: Forced mouse drag", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-234)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_0_MOZILLA-XULRUNNER190-081002.NASL", "href": "https://www.tenable.com/plugins/nessus/40074", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner190-234.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40074);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n\n script_name(english:\"openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-234)\");\n script_summary(english:\"Check for the mozilla-xulrunner190-234 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the mozilla-xulrunner190 engine to version 1.9.0.3,\nfixing a number of bugs and security problems :\n\nMFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal\nvulnerabilities\n\nMFSA 2008-43: BOM characters stripped from JavaScript before execution\nCVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped\nlow surrogates bug\n\nMFSA 2008-42 Crashes with evidence of memory corruption\n(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash\nin the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor,\nGeorgi Guninski, and Antoine Labour reported crashes in the JavaScript\nengine. 
CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers\nreported crashes in the layout engine which only affected Firefox 3.\nCVE-2008-4064: David Maciejak and Drew Yao reported crashes in\ngraphics rendering which only affected Firefox 3.\n\nMFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution\nCVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059:\nXPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents\nwithout script handling objects\n\nMFSA 2008-40 / CVE-2008-3837: Forced mouse drag\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=429179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner190 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-devel-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-translations-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.3-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner190\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:50", "description": "This update brings MozillaFirefox to version 3.0.3, fixing a number of\nbugs and security problems :\n\nMFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal\nvulnerabilities\n\nMFSA 2008-43: BOM characters stripped from JavaScript before execution\nCVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped\nlow surrogates bug\n\nMFSA 2008-42 Crashes with evidence of memory corruption\n(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash\nin the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor,\nGeorgi Guninski, and Antoine Labour reported crashes in the JavaScript\nengine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers\nreported crashes in the layout engine which only affected Firefox 3.\nCVE-2008-4064: David Maciejak and Drew Yao reported crashes in\ngraphics rendering which only affected Firefox 3.\n\nMFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution\nCVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059:\nXPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents\nwithout script handling objects\n\nMFSA 2008-40 / CVE-2008-3837: Forced mouse drag", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-233)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", 
"p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "SUSE_11_0_MOZILLAFIREFOX-081002.NASL", "href": "https://www.tenable.com/plugins/nessus/39883", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-233.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39883);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-233)\");\n script_summary(english:\"Check for the MozillaFirefox-233 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings MozillaFirefox to version 3.0.3, fixing a number of\nbugs and security problems :\n\nMFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal\nvulnerabilities\n\nMFSA 2008-43: BOM characters stripped from JavaScript before execution\nCVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped\nlow surrogates bug\n\nMFSA 2008-42 Crashes with evidence of memory corruption\n(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash\nin the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor,\nGeorgi Guninski, and Antoine Labour reported crashes in the JavaScript\nengine. 
CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers\nreported crashes in the layout engine which only affected Firefox 3.\nCVE-2008-4064: David Maciejak and Drew Yao reported crashes in\ngraphics rendering which only affected Firefox 3.\n\nMFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution\nCVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059:\nXPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents\nwithout script handling objects\n\nMFSA 2008-40 / CVE-2008-3837: Forced mouse drag\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=429179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(22, 79, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-3.0.3-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-translations-3.0.3-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:41", "description": "Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. 
(CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-09-29T00:00:00", "title": "Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-8429.NASL", "href": "https://www.tenable.com/plugins/nessus/34309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8429.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34309);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n 
script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8429\");\n\n script_name(english:\"Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. 
This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cec37da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"seamonkey-1.1.12-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:41", "description": "Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. 
A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-09-29T00:00:00", "title": "Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-8401.NASL", "href": "https://www.tenable.com/plugins/nessus/34307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8401.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34307);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8401\");\n\n script_name(english:\"Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. 
This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bafd2623\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) 
|| \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"seamonkey-1.1.12-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of ruby-gnome2", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860578", "href": "http://plugins.openvas.org/nasl.php?oid=860578", "type": "openvas", "title": "Fedora Update for ruby-gnome2 FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-gnome2 FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby-gnome2 on Fedora 9\";\ntag_insight = \"This is a set of bindings for the GNOME-2.x libraries for use from Ruby.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01353.html\");\n script_id(860578);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for ruby-gnome2 FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of ruby-gnome2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-gnome2\", rpm:\"ruby-gnome2~0.17.0~2.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860662", "href": "http://plugins.openvas.org/nasl.php?oid=860662", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will 
be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 9\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01334.html\");\n script_id(860662);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for firefox FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.2~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of chmsee", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860450", "href": "http://plugins.openvas.org/nasl.php?oid=860450", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. 
You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01340.html\");\n script_id(860450);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.1~5.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of chmsee", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860329", "href": "http://plugins.openvas.org/nasl.php?oid=860329", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-8399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-8399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. 
You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01363.html\");\n script_id(860329);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8399\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-8399\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.0~4.31.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860728", "href": "http://plugins.openvas.org/nasl.php?oid=860728", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 9\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01344.html\");\n script_id(860728);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for gnome-web-photo FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.3~14.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of gnome-python2-extras", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860576", "href": "http://plugins.openvas.org/nasl.php?oid=860576", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 9\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01345.html\");\n script_id(860576);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.19.1~18.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of epiphany-extensions", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860674", "href": "http://plugins.openvas.org/nasl.php?oid=860674", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2008-8399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2008-8399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 8\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01367.html\");\n script_id(860674);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8399\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for epiphany-extensions FEDORA-2008-8399\");\n\n script_summary(\"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.20.1~10.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of evolution-rss", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860507", "href": "http://plugins.openvas.org/nasl.php?oid=860507", "type": "openvas", "title": "Fedora Update for evolution-rss FEDORA-2008-8399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evolution-rss FEDORA-2008-8399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"evolution-rss on Fedora 8\";\ntag_insight = \"This is an evolution plugin which enables evolution to read rss feeds.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01368.html\");\n script_id(860507);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8399\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for evolution-rss FEDORA-2008-8399\");\n\n script_summary(\"Check for the Version of evolution-rss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-rss\", rpm:\"evolution-rss~0.0.8~12.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of totem", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860154", "href": "http://plugins.openvas.org/nasl.php?oid=860154", "type": "openvas", "title": "Fedora Update for totem FEDORA-2008-8425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for totem FEDORA-2008-8425\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"totem on Fedora 9\";\ntag_insight = \"Totem is simple movie player for the Gnome desktop. It features a\n simple playlist, a full-screen mode, seek and volume controls, as well as\n a pretty complete keyboard navigation.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01352.html\");\n script_id(860154);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8425\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for totem FEDORA-2008-8425\");\n\n script_summary(\"Check for the Version of totem\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.23.2~7.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "Check for the Version of epiphany", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860164", "href": "http://plugins.openvas.org/nasl.php?oid=860164", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-8399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-8399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 8\";\ntag_insight = \"epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01365.html\");\n script_id(860164);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8399\");\n script_cve_id(\"CVE-2008-4058\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-3837\", \"CVE-2008-4065\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-8399\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.3~7.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:15", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0879\n\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-4067,\nCVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be stripped\nfrom JavaScript code. 
This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the Mozilla\nadvisories in the References section.\n\nAll firefox users should upgrade to this updated package, which contains\nbackported patches that correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027304.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027305.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027309.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027310.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027315.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/027318.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0879.html", "edition": 3, "modified": "2008-09-28T00:42:21", "published": "2008-09-24T14:24:39", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/027304.html", "id": "CESA-2008:0879", "title": "devhelp, firefox, nss, xulrunner, yelp security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:03", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "description": "devhelp:\n[0.12-19]\n- Rebuild against xulrunner\nfirefox:\n[3.0.2-3.0.1.el5]\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n- Removed the corresponding files of Red Hat.\n- 
Added patch oracle-firefox-branding.patch\n- Update firstrun URL\n[3.0.2-3]\n- Update to Firefox 3.0.2 build 6\n[3.0.2-2]\n- Update to Firefox 3.0.2 build 4\n[3.0.2-1]\n- Update to Firefox 3.0.2\n[3.0.1-2]\n- Fixed #447535 - RHEL 5.2 beta / upstream Firefox 3 beta 5\n autoConfig broken\n- Fixed #445304 - HTML/index.html always redirects to en-US/index.html\n parallel compiles and -debuginfo packages\nnss:\n[3.12.1.1-1]\n- Update to NSS_3_12_1_RC2\n[3.12.1.0-1]\n- Update to NSS_3_12_1_RC1\nxulrunner:\n[1.9.0.2-5.0.1]\n- Added xulrunner-oracle-default-prefs.js\n- Remove its corresponding of Red Hat.\n[1.9.0.2-5]\n- Update to 1.9.0.2 build 6\n[1.9.0.2-4]\n- Fixed firefox dependency (#445391)\n[1.9.0.2-3]\n- Update to 1.9.0.2 build 4\n[1.9.0.2-2]\n- Fixed gecko version\n[1.9.0.2-1]\n- Update to 1.9.0.2\n[1.9.0.1-2]\n- Updated provided gecko version\nyelp:\n[2.16.0-21]\n- rebuild against xulrunner", "edition": 4, "modified": "2008-09-24T00:00:00", "published": "2008-09-24T00:00:00", "id": "ELSA-2008-0879", "href": "http://linux.oracle.com/errata/ELSA-2008-0879.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4067", "CVE-2008-4068"], "description": "Mozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was displayed. 
A\nweb page containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-4067,\nCVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the Mozilla\nadvisories in the References section.\n\nAll firefox users should upgrade to this updated package, which contains\nbackported patches that correct these issues.\n", "modified": "2017-09-08T12:08:12", "published": "2008-09-23T04:00:00", "id": "RHSA-2008:0879", "href": "https://access.redhat.com/errata/RHSA-2008:0879", "type": "redhat", "title": "(RHSA-2008:0879) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}