{"id": "SECURITYVULNS:DOC:21046", "bulletinFamily": "software", "title": "Mozilla Foundation Security Advisory 2008-63", "description": "Mozilla Foundation Security Advisory 2008-63\r\n\r\nTitle: User tracking via XUL persist attribute\r\nImpact: Low\r\nAnnounced: December 16, 2008\r\nReporter: Hish\r\nProducts: Firefox\r\n\r\nFixed in: Firefox 3.0.5\r\nDescription\r\n\r\nSecurity researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from setting cookies on their machine. Even with cookies turned off, this issue could be used by a website to write persistent data in a user's browser and track the user across browsing sessions. Additionally, this issue could allow a website to bypass the limits normally placed on cookie size and number.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=295994\r\n * CVE-2008-5505\r\n", "published": "2008-12-18T00:00:00", "modified": "2008-12-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21046", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-5505"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:28", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-08-31T11:10:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5505"]}, {"type": "openvas", "idList": ["OPENVAS:860444", "OPENVAS:860942", "OPENVAS:860880", "OPENVAS:860085", "OPENVAS:860970", "OPENVAS:860081", "OPENVAS:860707", "OPENVAS:860777", "OPENVAS:860969", "OPENVAS:860771"]}, {"type": "centos", "idList": ["CESA-2008:1036"]}, {"type": "redhat", "idList": ["RHSA-2008:1036"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-1036"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9527"]}, {"type": "suse", "idList": ["SUSE-SA:2009:002", "SUSE-SA:2008:058"]}, {"type": "nessus", "idList": ["UBUNTU_USN-690-1.NASL", "SUSE_11_0_MOZILLAFIREFOX-081218.NASL", "FEDORA_2008-11598.NASL", "UBUNTU_USN-690-2.NASL", "MANDRIVA_MDVSA-2008-245.NASL", "UBUNTU_USN-690-3.NASL", "FREEBSD_PKG_29F5BFC5CE0411DDA7210030843D3802.NASL", "CENTOS_RHSA-2008-1036.NASL", "SL_20081216_FIREFOX_ON_SL4_X.NASL", "FEDORA_2008-11511.NASL"]}, {"type": "ubuntu", "idList": ["USN-690-1"]}, {"type": "freebsd", "idList": ["29F5BFC5-CE04-11DD-A721-0030843D3802"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2018-08-31T11:10:28", "rev": 2}, "vulnersScore": 6.2}, "affectedSoftware": [], "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:35:19", "description": "Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.", "edition": 6, "cvss3": {}, "published": "2008-12-17T23:30:00", "title": "CVE-2008-5505", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5505"], "modified": "2018-10-03T21:56:00", "cpe": ["cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.1"], "id": "CVE-2008-5505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5505", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "modified": "2008-12-21T08:30:35", "published": "2008-12-21T08:30:35", "id": "FEDORA:4FD882086F7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: epiphany-2.24.1-3.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "This is an evolution plugin which enables evolution to read rss feeds. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:D654E208DB6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: evolution-rss-0.1.0-5.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:D0F30208DB4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: chmsee-1.0.1-7.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. ", "modified": "2008-12-21T08:30:35", "published": "2008-12-21T08:30:35", "id": "FEDORA:99093208D5E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kazehakase-0.5.6-1.fc10.2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. ", "modified": "2008-12-21T08:30:35", "published": "2008-12-21T08:30:35", "id": "FEDORA:BE020208D9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: yelp-2.24.0-4.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "This is a set of bindings for the GNOME-2.x libraries for use from Ruby. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:0C995208DC1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: ruby-gnome2-0.17.0-4.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:E1D56208DB8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: gnome-web-photo-0.3-16.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Blam is a tool that helps you keep track of the growing number of news feeds distributed as RSS. Blam lets you subscribe to any number of feeds and provides an easy to use and clean interface to stay up to date ", "modified": "2008-12-21T08:30:35", "published": "2008-12-21T08:30:35", "id": "FEDORA:6166820874A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: blam-1.8.5-5.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:86629208DAD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: xulrunner-1.9.0.5-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. ", "modified": "2008-12-21T08:37:20", "published": "2008-12-21T08:37:20", "id": "FEDORA:1260C208DC3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: yelp-2.22.1-7.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T11:52:00", "description": "Security vulnerabilities have been discovered and corrected in the\nlatest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500,\nCVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506,\nCVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,\nCVE-2008-5512, CVE-2008-5513).\n\nThis update provides the latest Mozilla Firefox 3.x to correct these\nissues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2008:245)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:firefox-mn", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:libxulrunner-devel", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:libxulrunner1.9", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:firefox-ext-beagle", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:beagle-doc", "p-cpe:/a:mandriva:linux:lib64xulrunner1.9", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:lib64xulrunner-devel", "p-cpe:/a:mandriva:linux:xulrunner", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:yelp", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:beagle-epiphany", "p-cpe:/a:mandriva:linux:firefox-theme-kde4ff", "p-cpe:/a:mandriva:linux:beagle-evolution", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:libxulrunner-unstable-devel", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:beagle", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:beagle-gui-qt", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:beagle-libs", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:beagle-crawl-system", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:lib64xulrunner-unstable-devel", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:beagle-gui", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell"], "id": "MANDRIVA_MDVSA-2008-245.NASL", "href": "https://www.tenable.com/plugins/nessus/36473", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:245. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36473);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-5500\",\n \"CVE-2008-5501\",\n \"CVE-2008-5502\",\n \"CVE-2008-5505\",\n \"CVE-2008-5506\",\n \"CVE-2008-5507\",\n \"CVE-2008-5508\",\n \"CVE-2008-5510\",\n \"CVE-2008-5511\",\n \"CVE-2008-5512\",\n \"CVE-2008-5513\"\n );\n script_bugtraq_id(32882);\n script_xref(name:\"MDVSA\", value:\"2008:245\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2008:245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities have been discovered and corrected in the\nlatest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500,\nCVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506,\nCVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,\nCVE-2008-5512, CVE-2008-5513).\n\nThis update provides the latest Mozilla Firefox 3.x to correct these\nissues.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/#firefox3.0.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?825a27d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-theme-kde4ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-unstable-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-unstable-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-plugins-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-2.24.0.1-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-devel-2.24.0.1-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-af-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ar-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-be-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bg-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bn-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ca-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cs-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cy-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-da-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-de-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-el-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-en_GB-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_AR-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_ES-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-et-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eu-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-mozvoikko-0.9.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fi-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fr-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fy-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ga_IE-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gl-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gu_IN-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-he-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hi-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hu-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-id-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-is-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-it-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ja-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ka-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-kn-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ko-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ku-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lt-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lv-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mk-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mn-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mr-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nb_NO-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nl-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nn_NO-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-oc-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pa_IN-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pl-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_BR-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_PT-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ro-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ru-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-si-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sk-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sl-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sq-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sr-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sv_SE-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-te-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-th-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-theme-kde4ff-0.14-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-tr-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-uk-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_CN-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_TW-3.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-extras-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-devel-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gdl-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkhtml2-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkmozembed-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkspell-2.19.1-20.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-unstable-devel-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.21-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-unstable-devel-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner1.9-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.779-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-foxmarks-2.1.0.12-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-scribefire-2.3.1-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xulrunner-1.9.0.5-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"yelp-2.24.0-3.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:47", "description": "The Mozilla Firefox browser was updated to version 3.0.5, fixing\nvarious security issues and stability problems.\n\nThe following security issues were fixed :\n\nMFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4\nreported vulnerabilities in the session-restore feature by which\ncontent could be injected into an incorrect document storage location,\nincluding storage locations for other domains. An attacker could\nutilize these issues to violate the browser's same-origin policy and\nperform an XSS attack while SessionStore data is being restored.\nmoz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.\n\nMFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security\nresearcher moz_bug_r_a4 reported that an XBL binding, when attached to\nan unloaded document, can be used to violate the same-origin policy\nand execute arbitrary JavaScript within the context of a different\nwebsite. moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitary JavaScript with\nchrome priviliges. Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This\nis not the default setting and we strongly discourage users from\nrunning JavaScript in mail. Workaround Disable JavaScript until a\nversion containing these fixes can be installed.\n\nMFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike\nliteral null characters which were handled correctly, the escaped form\n'\\0' was ignored by the CSS parser and treated as if it was not\npresent in the CSS input string. This issue could potentially be used\nto bypass script sanitization routines in web applications. The\nseverity of this issue was determined to be low.\n\nMFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported\nthat certain control characters, when placed at the beginning of a\nURL, would lead to incorrect parsing resulting in a malformed URL\nbeing output by the parser. IBM researchers Justin Schuh, Tom Cross,\nand Peter William also reported a related symptom as part of their\nresearch that resulted in MFSA 2008-37. There was no direct security\nimpact from this issue and its effect was limited to the improper\nrendering of hyperlinks containing specific characters. The severity\nof this issue was determined to be low.\n\nMFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans\nreported that a website could access a limited amount of data from a\ndifferent domain by loading a same-domain JavaScript URL which\nredirects to an off-domain target resource containing data which is\nnot parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the\nfile context via the window.onerror DOM API. This issue could be used\nby a malicious website to steal private data from users who are\nauthenticated on the redirected website. How much data could be at\nrisk would depend on the format of the data and how the JavaScript\nparser attempts to interpret it. For most files the amount of data\nthat can be recovered would be limited to the first word or two. Some\ndata files might allow deeper probing with repeated loads. Thunderbird\nshares the browser engine with Firefox and could be vulnerable if\nJavaScript were to be enabled in mail. This is not the default setting\nand we strongly discourage users from running JavaScript in mail.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\n\nMFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security\nreported that when a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but other potentially\nsensitive data could be revealed in the XHR response including URL\nparameters and content in the response body. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Workaround Disable\nJavaScript until a version containing these fixes can be installed.\n\nMFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to store cookie-like\ninformation on a user's computer which could later be read by a\nwebsite. This creates a privacy issue for users who have a\nnon-standard cookie preference and wish to prevent sites from setting\ncookies on their machine. Even with cookies turned off, this issue\ncould be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.\n\nMFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla\ndevelopers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\ncrashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Without further\ninvestigation we cannot rule out the possibility that for some of\nthese an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "SUSE_11_1_MOZILLAFIREFOX-081218.NASL", "href": "https://www.tenable.com/plugins/nessus/40168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40168);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)\");\n script_summary(english:\"Check for the MozillaFirefox-381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox browser was updated to version 3.0.5, fixing\nvarious security issues and stability problems.\n\nThe following security issues were fixed :\n\nMFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4\nreported vulnerabilities in the session-restore feature by which\ncontent could be injected into an incorrect document storage location,\nincluding storage locations for other domains. An attacker could\nutilize these issues to violate the browser's same-origin policy and\nperform an XSS attack while SessionStore data is being restored.\nmoz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.\n\nMFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security\nresearcher moz_bug_r_a4 reported that an XBL binding, when attached to\nan unloaded document, can be used to violate the same-origin policy\nand execute arbitrary JavaScript within the context of a different\nwebsite. moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitary JavaScript with\nchrome priviliges. Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This\nis not the default setting and we strongly discourage users from\nrunning JavaScript in mail. Workaround Disable JavaScript until a\nversion containing these fixes can be installed.\n\nMFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike\nliteral null characters which were handled correctly, the escaped form\n'\\0' was ignored by the CSS parser and treated as if it was not\npresent in the CSS input string. This issue could potentially be used\nto bypass script sanitization routines in web applications. The\nseverity of this issue was determined to be low.\n\nMFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported\nthat certain control characters, when placed at the beginning of a\nURL, would lead to incorrect parsing resulting in a malformed URL\nbeing output by the parser. IBM researchers Justin Schuh, Tom Cross,\nand Peter William also reported a related symptom as part of their\nresearch that resulted in MFSA 2008-37. There was no direct security\nimpact from this issue and its effect was limited to the improper\nrendering of hyperlinks containing specific characters. The severity\nof this issue was determined to be low.\n\nMFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans\nreported that a website could access a limited amount of data from a\ndifferent domain by loading a same-domain JavaScript URL which\nredirects to an off-domain target resource containing data which is\nnot parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the\nfile context via the window.onerror DOM API. This issue could be used\nby a malicious website to steal private data from users who are\nauthenticated on the redirected website. How much data could be at\nrisk would depend on the format of the data and how the JavaScript\nparser attempts to interpret it. For most files the amount of data\nthat can be recovered would be limited to the first word or two. Some\ndata files might allow deeper probing with repeated loads. Thunderbird\nshares the browser engine with Firefox and could be vulnerable if\nJavaScript were to be enabled in mail. This is not the default setting\nand we strongly discourage users from running JavaScript in mail.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\n\nMFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security\nreported that when a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but other potentially\nsensitive data could be revealed in the XHR response including URL\nparameters and content in the response body. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Workaround Disable\nJavaScript until a version containing these fixes can be installed.\n\nMFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to store cookie-like\ninformation on a user's computer which could later be read by a\nwebsite. This creates a privacy issue for users who have a\nnon-standard cookie preference and wish to prevent sites from setting\ncookies on their machine. Even with cookies turned off, this issue\ncould be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.\n\nMFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla\ndevelopers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\ncrashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Without further\ninvestigation we cannot rule out the possibility that for some of\nthese an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=455804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.0.5-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-3.0.5-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:50", "description": "The Mozilla Firefox browser was updated to version 3.0.5, fixing\nvarious security issues and stability problems.\n\nThe following security issues were fixed :\n\nMFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4\nreported vulnerabilities in the session-restore feature by which\ncontent could be injected into an incorrect document storage location,\nincluding storage locations for other domains. An attacker could\nutilize these issues to violate the browser's same-origin policy and\nperform an XSS attack while SessionStore data is being restored.\nmoz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.\n\nMFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security\nresearcher moz_bug_r_a4 reported that an XBL binding, when attached to\nan unloaded document, can be used to violate the same-origin policy\nand execute arbitrary JavaScript within the context of a different\nwebsite. moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitary JavaScript with\nchrome priviliges. Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This\nis not the default setting and we strongly discourage users from\nrunning JavaScript in mail. Workaround Disable JavaScript until a\nversion containing these fixes can be installed.\n\nMFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike\nliteral null characters which were handled correctly, the escaped form\n'\\0' was ignored by the CSS parser and treated as if it was not\npresent in the CSS input string. This issue could potentially be used\nto bypass script sanitization routines in web applications. The\nseverity of this issue was determined to be low.\n\nMFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported\nthat certain control characters, when placed at the beginning of a\nURL, would lead to incorrect parsing resulting in a malformed URL\nbeing output by the parser. IBM researchers Justin Schuh, Tom Cross,\nand Peter William also reported a related symptom as part of their\nresearch that resulted in MFSA 2008-37. There was no direct security\nimpact from this issue and its effect was limited to the improper\nrendering of hyperlinks containing specific characters. The severity\nof this issue was determined to be low.\n\nMFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans\nreported that a website could access a limited amount of data from a\ndifferent domain by loading a same-domain JavaScript URL which\nredirects to an off-domain target resource containing data which is\nnot parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the\nfile context via the window.onerror DOM API. This issue could be used\nby a malicious website to steal private data from users who are\nauthenticated on the redirected website. How much data could be at\nrisk would depend on the format of the data and how the JavaScript\nparser attempts to interpret it. For most files the amount of data\nthat can be recovered would be limited to the first word or two. Some\ndata files might allow deeper probing with repeated loads. Thunderbird\nshares the browser engine with Firefox and could be vulnerable if\nJavaScript were to be enabled in mail. This is not the default setting\nand we strongly discourage users from running JavaScript in mail.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\n\nMFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security\nreported that when a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but other potentially\nsensitive data could be revealed in the XHR response including URL\nparameters and content in the response body. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Workaround Disable\nJavaScript until a version containing these fixes can be installed.\n\nMFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to store cookie-like\ninformation on a user's computer which could later be read by a\nwebsite. This creates a privacy issue for users who have a\nnon-standard cookie preference and wish to prevent sites from setting\ncookies on their machine. Even with cookies turned off, this issue\ncould be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.\n\nMFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla\ndevelopers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\ncrashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Without further\ninvestigation we cannot rule out the possibility that for some of\nthese an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "SUSE_11_0_MOZILLAFIREFOX-081218.NASL", "href": "https://www.tenable.com/plugins/nessus/39885", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39885);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)\");\n script_summary(english:\"Check for the MozillaFirefox-381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox browser was updated to version 3.0.5, fixing\nvarious security issues and stability problems.\n\nThe following security issues were fixed :\n\nMFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4\nreported vulnerabilities in the session-restore feature by which\ncontent could be injected into an incorrect document storage location,\nincluding storage locations for other domains. An attacker could\nutilize these issues to violate the browser's same-origin policy and\nperform an XSS attack while SessionStore data is being restored.\nmoz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.\n\nMFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security\nresearcher moz_bug_r_a4 reported that an XBL binding, when attached to\nan unloaded document, can be used to violate the same-origin policy\nand execute arbitrary JavaScript within the context of a different\nwebsite. moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitary JavaScript with\nchrome priviliges. Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This\nis not the default setting and we strongly discourage users from\nrunning JavaScript in mail. Workaround Disable JavaScript until a\nversion containing these fixes can be installed.\n\nMFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike\nliteral null characters which were handled correctly, the escaped form\n'\\0' was ignored by the CSS parser and treated as if it was not\npresent in the CSS input string. This issue could potentially be used\nto bypass script sanitization routines in web applications. The\nseverity of this issue was determined to be low.\n\nMFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported\nthat certain control characters, when placed at the beginning of a\nURL, would lead to incorrect parsing resulting in a malformed URL\nbeing output by the parser. IBM researchers Justin Schuh, Tom Cross,\nand Peter William also reported a related symptom as part of their\nresearch that resulted in MFSA 2008-37. There was no direct security\nimpact from this issue and its effect was limited to the improper\nrendering of hyperlinks containing specific characters. The severity\nof this issue was determined to be low.\n\nMFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans\nreported that a website could access a limited amount of data from a\ndifferent domain by loading a same-domain JavaScript URL which\nredirects to an off-domain target resource containing data which is\nnot parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the\nfile context via the window.onerror DOM API. This issue could be used\nby a malicious website to steal private data from users who are\nauthenticated on the redirected website. How much data could be at\nrisk would depend on the format of the data and how the JavaScript\nparser attempts to interpret it. For most files the amount of data\nthat can be recovered would be limited to the first word or two. Some\ndata files might allow deeper probing with repeated loads. Thunderbird\nshares the browser engine with Firefox and could be vulnerable if\nJavaScript were to be enabled in mail. This is not the default setting\nand we strongly discourage users from running JavaScript in mail.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\n\nMFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security\nreported that when a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but other potentially\nsensitive data could be revealed in the XHR response including URL\nparameters and content in the response body. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Workaround Disable\nJavaScript until a version containing these fixes can be installed.\n\nMFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to store cookie-like\ninformation on a user's computer which could later be read by a\nwebsite. This creates a privacy issue for users who have a\nnon-standard cookie preference and wish to prevent sites from setting\ncookies on their machine. Even with cookies turned off, this issue\ncould be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.\n\nMFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla\ndevelopers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\ncrashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Thunderbird shares the\nbrowser engine with Firefox and could be vulnerable if JavaScript were\nto be enabled in mail. This is not the default setting and we strongly\ndiscourage users from running JavaScript in mail. Without further\ninvestigation we cannot rule out the possibility that for some of\nthese an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.\nWorkaround Disable JavaScript until a version containing these fixes\ncan be installed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=455804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-3.0.5-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-translations-3.0.5-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:21", "description": "Several flaws were discovered in the browser engine. These problems\ncould allow an attacker to crash the browser and possibly execute\narbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501,\nCVE-2008-5502)\n\nIt was discovered that Firefox did not properly handle persistent\ncookie data. If a user were tricked into opening a malicious website,\nan attacker could write persistent data in the user's browser and\ntrack the user across browsing sessions. (CVE-2008-5505)\n\nMarius Schilder discovered that Firefox did not properly handle\nredirects to an outside domain when an XMLHttpRequest was made to a\nsame-origin resource. It's possible that sensitive information could\nbe revealed in the XMLHttpRequest response. (CVE-2008-5506)\n\nChris Evans discovered that Firefox did not properly protect a user's\ndata when accessing a same-domain JavaScript URL that is redirected to\nan unparsable JavaScript off-site resource. If a user were tricked\ninto opening a malicious website, an attacker may be able to steal a\nlimited amount of private data. (CVE-2008-5507)\n\nChip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered\nFirefox did not properly parse URLs when processing certain control\ncharacters. (CVE-2008-5508)\n\nKojima Hajime discovered that Firefox did not properly handle an\nescaped null character. An attacker may be able to exploit this flaw\nto bypass script sanitization. (CVE-2008-5510)\n\nSeveral flaws were discovered in the JavaScript engine. If a user were\ntricked into opening a malicious website, an attacker could exploit\nthis to execute arbitrary JavaScript code within the context of\nanother website or with chrome privileges. (CVE-2008-5511,\nCVE-2008-5512)\n\nFlaws were discovered in the session-restore feature of Firefox. If a\nuser were tricked into opening a malicious website, an attacker could\nexploit this to perform cross-site scripting attacks or execute\narbitrary JavaScript code with chrome privileges. (CVE-2008-5513).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2009-04-23T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-690-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-690-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36262);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n script_bugtraq_id(32882);\n script_xref(name:\"USN\", value:\"690-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were discovered in the browser engine. These problems\ncould allow an attacker to crash the browser and possibly execute\narbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501,\nCVE-2008-5502)\n\nIt was discovered that Firefox did not properly handle persistent\ncookie data. If a user were tricked into opening a malicious website,\nan attacker could write persistent data in the user's browser and\ntrack the user across browsing sessions. (CVE-2008-5505)\n\nMarius Schilder discovered that Firefox did not properly handle\nredirects to an outside domain when an XMLHttpRequest was made to a\nsame-origin resource. It's possible that sensitive information could\nbe revealed in the XMLHttpRequest response. (CVE-2008-5506)\n\nChris Evans discovered that Firefox did not properly protect a user's\ndata when accessing a same-domain JavaScript URL that is redirected to\nan unparsable JavaScript off-site resource. If a user were tricked\ninto opening a malicious website, an attacker may be able to steal a\nlimited amount of private data. (CVE-2008-5507)\n\nChip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered\nFirefox did not properly parse URLs when processing certain control\ncharacters. (CVE-2008-5508)\n\nKojima Hajime discovered that Firefox did not properly handle an\nescaped null character. An attacker may be able to exploit this flaw\nto bypass script sanitization. (CVE-2008-5510)\n\nSeveral flaws were discovered in the JavaScript engine. If a user were\ntricked into opening a malicious website, an attacker could exploit\nthis to execute arbitrary JavaScript code within the context of\nanother website or with chrome privileges. (CVE-2008-5511,\nCVE-2008-5512)\n\nFlaws were discovered in the session-restore feature of Firefox. If a\nuser were tricked into opening a malicious website, an attacker could\nexploit this to perform cross-site scripting attacks or execute\narbitrary JavaScript code with chrome privileges. (CVE-2008-5513).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/690-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-libthai\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:22", "description": "Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing\nmultiple security issues: http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.5 This update also contains\nnew builds of all applications depending on Gecko libraries, built\nagainst thenew version. Note: after the updated packages are\ninstalled, Firefox must be restarted for the update to take effect.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2008-12-21T00:00:00", "title": "Fedora 9 : Miro-1.2.7-3.fc9 / blam-1.8.5-4.fc9.1 / cairo-dock-1.6.3.1-1.fc9.2 / chmsee-1.0.1-7.fc9 / etc (2008-11598)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2008-12-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:totem", "p-cpe:/a:fedoraproject:fedora:cairo-dock", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:evolution-rss", "cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2008-11598.NASL", "href": "https://www.tenable.com/plugins/nessus/35238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-11598.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35238);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n script_bugtraq_id(32882);\n script_xref(name:\"FEDORA\", value:\"2008-11598\");\n\n script_name(english:\"Fedora 9 : Miro-1.2.7-3.fc9 / blam-1.8.5-4.fc9.1 / cairo-dock-1.6.3.1-1.fc9.2 / chmsee-1.0.1-7.fc9 / etc (2008-11598)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing\nmultiple security issues: http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.5 This update also contains\nnew builds of all applications depending on Gecko libraries, built\nagainst thenew version. Note: after the updated packages are\ninstalled, Firefox must be restarted for the update to take effect.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476289\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017958.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77ab19ad\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017959.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df3d2ba8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e754e938\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47512081\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017962.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eeca82ff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f34716f5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017964.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0eefa5ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017965.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ed21dec\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017966.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a0abae5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017967.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d64c4960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017968.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5971f84b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017969.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a8d224a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017970.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4162e726\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fda1407\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017972.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b6f7939\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017973.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60222e06\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017974.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdfcb8bb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017975.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4cce8b2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017976.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61c030a4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017977.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b696380\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017979.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d2d207c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cairo-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"Miro-1.2.7-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"blam-1.8.5-4.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"cairo-dock-1.6.3.1-1.fc9.2\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"chmsee-1.0.1-7.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"devhelp-0.19.1-7.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-2.22.2-6.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-extensions-2.22.1-6.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"evolution-rss-0.1.0-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"firefox-3.0.5-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"galeon-2.0.7-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-python2-extras-2.19.1-22.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-web-photo-0.3-16.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"google-gadgets-0.10.3-2.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-24.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"kazehakase-0.5.6-1.fc9.2\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mozvoikko-0.9.5-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mugshot-1.2.2-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"ruby-gnome2-0.17.0-4.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"totem-2.23.2-9.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"xulrunner-1.9.0.5-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"yelp-2.22.1-7.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / cairo-dock / chmsee / devhelp / epiphany / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:05", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,\nCVE-2008-5512, CVE-2008-5513)\n\nSeveral flaws were found in the way malformed content was processed. A\nwebsite containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-5506,\nCVE-2008-5507)\n\nA flaw was found in the way Firefox stored attributes in XML User\nInterface Language (XUL) elements. A website could use this flaw to\ntrack users across browser sessions, even if users did not allow the\nsite to store cookies in the victim's browser. (CVE-2008-5505)\n\nA flaw was found in the way malformed URLs were processed by Firefox.\nThis flaw could prevent various URL sanitization mechanisms from\nproperly parsing a malicious URL. (CVE-2008-5508)\n\nA flaw was found in Firefox's CSS parser. A malicious web page could\ninject NULL characters into a CSS input string, possibly bypassing an\napplication's script sanitization routines. (CVE-2008-5510)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.5. You can find a link to the\nMozilla advisories in the References section.\n\nNote: after the errata packages are installed, Firefox must be\nrestarted for the update to take effect.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081216_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60506);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,\nCVE-2008-5512, CVE-2008-5513)\n\nSeveral flaws were found in the way malformed content was processed. A\nwebsite containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-5506,\nCVE-2008-5507)\n\nA flaw was found in the way Firefox stored attributes in XML User\nInterface Language (XUL) elements. A website could use this flaw to\ntrack users across browser sessions, even if users did not allow the\nsite to store cookies in the victim's browser. (CVE-2008-5505)\n\nA flaw was found in the way malformed URLs were processed by Firefox.\nThis flaw could prevent various URL sanitization mechanisms from\nproperly parsing a malicious URL. (CVE-2008-5508)\n\nA flaw was found in Firefox's CSS parser. A malicious web page could\ninject NULL characters into a CSS input string, possibly bypassing an\napplication's script sanitization routines. (CVE-2008-5510)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.5. You can find a link to the\nMozilla advisories in the References section.\n\nNote: after the errata packages are installed, Firefox must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0812&L=scientific-linux-errata&T=0&P=1263\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?012cdd0a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.5-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nspr-4.7.3-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nspr-devel-4.7.3-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-3.12.2.0-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-devel-3.12.2.0-1.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0.5-1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nspr-4.7.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nspr-devel-4.7.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-3.12.2.0-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-devel-3.12.2.0-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-pkcs11-devel-3.12.2.0-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-tools-3.12.2.0-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.0.5-1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.0.5-1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9.0.5-1.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:21", "description": "Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing\nmultiple security issues: http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.5 This update also contains\nnew builds of all applications depending on Gecko libraries, built\nagainst new version. Note: after the updated packages are installed,\nFirefox must be restarted for the update to take effect.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : Miro-1.2.7-3.fc10 / blam-1.8.5-5.fc10 / devhelp-0.22-2.fc10 / epiphany-2.24.1-3.fc10 / etc (2008-11511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:gecko-sharp2", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:evolution-rss", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2008-11511.NASL", "href": "https://www.tenable.com/plugins/nessus/37149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-11511.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37149);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n script_xref(name:\"FEDORA\", value:\"2008-11511\");\n\n script_name(english:\"Fedora 10 : Miro-1.2.7-3.fc10 / blam-1.8.5-5.fc10 / devhelp-0.22-2.fc10 / epiphany-2.24.1-3.fc10 / etc (2008-11511)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing\nmultiple security issues: http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.5 This update also contains\nnew builds of all applications depending on Gecko libraries, built\nagainst new version. Note: after the updated packages are installed,\nFirefox must be restarted for the update to take effect.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=476289\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43286554\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a7662d2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017908.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a77dd53f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017909.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ba28cd4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017910.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45ea898b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017911.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?210e216d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017912.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d066a674\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017913.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f590d883\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017914.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa0539d2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17e9b2ff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017916.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3986692\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017917.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74a832de\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017918.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a083357\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017919.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a404b81d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017920.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9414c9a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f78fd7da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67f75152\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a6c1776\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4e3fb15\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gecko-sharp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"Miro-1.2.7-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"blam-1.8.5-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"devhelp-0.22-2.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-2.24.1-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-extensions-2.24.0-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"evolution-rss-0.1.2-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"firefox-3.0.5-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"galeon-2.0.7-4.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gecko-sharp2-0.13-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-python2-extras-2.19.1-25.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-web-photo-0.3-13.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"google-gadgets-0.10.3-2.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"kazehakase-0.5.6-1.fc10.2\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mozvoikko-0.9.5-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mugshot-1.2.2-4.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"pcmanx-gtk2-0.3.8-4.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"ruby-gnome2-0.18.1-2.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"xulrunner-1.9.0.5-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"yelp-2.24.0-4.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / devhelp / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of epiphany", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860261", "href": "http://plugins.openvas.org/nasl.php?oid=860261", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-11598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-11598\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 9\";\ntag_insight = \"Epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01050.html\");\n script_id(860261);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11598\");\n script_cve_id(\"CVE-2008-5501\", \"CVE-2008-5512\", \"CVE-2008-5506\", \"CVE-2008-5510\", \"CVE-2008-5513\", \"CVE-2008-5507\", \"CVE-2008-5500\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5502\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-11598\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.22.2~6.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of gnome-python2-extras", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860143", "href": "http://plugins.openvas.org/nasl.php?oid=860143", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-11511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-11511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 10\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01004.html\");\n script_id(860143);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11511\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5507\", \"CVE-2008-5506\", \"CVE-2008-5501\", \"CVE-2008-5513\", \"CVE-2008-5502\", \"CVE-2008-5512\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5510\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-11511\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.19.1~25.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of mozvoikko", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860053", "href": "http://plugins.openvas.org/nasl.php?oid=860053", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2008-11598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2008-11598\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 9\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01063.html\");\n script_id(860053);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11598\");\n script_cve_id(\"CVE-2008-5501\", \"CVE-2008-5512\", \"CVE-2008-5506\", \"CVE-2008-5510\", \"CVE-2008-5513\", \"CVE-2008-5507\", \"CVE-2008-5500\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5502\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for mozvoikko FEDORA-2008-11598\");\n\n script_summary(\"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~0.9.5~5.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of mozvoikko", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860340", "href": "http://plugins.openvas.org/nasl.php?oid=860340", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2008-11511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2008-11511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 10\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01009.html\");\n script_id(860340);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11511\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5507\", \"CVE-2008-5506\", \"CVE-2008-5501\", \"CVE-2008-5513\", \"CVE-2008-5502\", \"CVE-2008-5512\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5510\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for mozvoikko FEDORA-2008-11511\");\n\n script_summary(\"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~0.9.5~5.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of pcmanx-gtk2", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860970", "href": "http://plugins.openvas.org/nasl.php?oid=860970", "type": "openvas", "title": "Fedora Update for pcmanx-gtk2 FEDORA-2008-11511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pcmanx-gtk2 FEDORA-2008-11511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An easy-to-use telnet client mainly targets BBS users.\n\n PCMan X is a newly developed GPL'd version of PCMan, a full-featured\n famous BBS client formerly designed for MS Windows only. It aimed to\n be an easy-to-use yet full-featured telnet client facilitating BBS\n browsing with the ability to process double-byte characters.\";\n\ntag_affected = \"pcmanx-gtk2 on Fedora 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01012.html\");\n script_id(860970);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11511\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5507\", \"CVE-2008-5506\", \"CVE-2008-5501\", \"CVE-2008-5513\", \"CVE-2008-5502\", \"CVE-2008-5512\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5510\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for pcmanx-gtk2 FEDORA-2008-11511\");\n\n script_summary(\"Check for the Version of pcmanx-gtk2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"pcmanx-gtk2\", rpm:\"pcmanx-gtk2~0.3.8~4.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-690-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840340", "href": "http://plugins.openvas.org/nasl.php?oid=840340", "type": "openvas", "title": "Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_690_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several flaws were discovered in the browser engine. These problems could allow\n an attacker to crash the browser and possibly execute arbitrary code with user\n privileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502)\n\n It was discovered that Firefox did not properly handle persistent cookie data.\n If a user were tricked into opening a malicious website, an attacker could\n write persistent data in the user's browser and track the user across browsing\n sessions. (CVE-2008-5505)\n \n Marius Schilder discovered that Firefox did not properly handle redirects to\n an outside domain when an XMLHttpRequest was made to a same-origin resource.\n It's possible that sensitive information could be revealed in the\n XMLHttpRequest response. (CVE-2008-5506)\n \n Chris Evans discovered that Firefox did not properly protect a user's data when\n accessing a same-domain Javascript URL that is redirected to an unparsable\n Javascript off-site resource. If a user were tricked into opening a malicious\n website, an attacker may be able to steal a limited amount of private data.\n (CVE-2008-5507)\n \n Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox\n did not properly parse URLs when processing certain control characters.\n (CVE-2008-5508)\n \n Kojima Hajime discovered that Firefox did not properly handle an escaped null\n character. An attacker may be able to exploit this flaw to bypass script\n sanitization. (CVE-2008-5510)\n \n Several flaws were discovered in the Javascript engine. If a user were tricked\n into opening a malicious website, an attacker could exploit this to execute\n arbitrary Javascript code within the context of another website or with chrome\n privileges. (CVE-2008-5511, CVE-2008-5512)\n \n Flaws were discovered in the session-restore feature of Firefox. If a user were\n tricked into opening a malicious website, an attacker could exploit this to\n perform cross-site scripting attacks or execute arbitrary Javascript code with\n chrome privileges. (CVE-2008-5513)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-690-1\";\ntag_affected = \"firefox-3.0, xulrunner-1.9 vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-690-1/\");\n script_id(840340);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"690-1\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n script_name( \"Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0-branding_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-branding_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dev_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-gnome-support_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dev_1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-gnome-support_1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9_1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dom-inspector_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-venkman_3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dom-inspector_1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-venkman_1.9.0.5+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dev_3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-gnome-support_3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0_3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dev_1.9.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-gnome-support_1.9.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9_1.9.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dom-inspector_3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-venkman_3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dom-inspector_1.9.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-venkman_1.9.0.5+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of kazehakase", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860330", "href": "http://plugins.openvas.org/nasl.php?oid=860330", "type": "openvas", "title": "Fedora Update for kazehakase FEDORA-2008-11511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-11511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly &amp; fully customizable.\n\n This package uses Gecko for HTML rendering engine.\";\n\ntag_affected = \"kazehakase on Fedora 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01006.html\");\n script_id(860330);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11511\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5507\", \"CVE-2008-5506\", \"CVE-2008-5501\", \"CVE-2008-5513\", \"CVE-2008-5502\", \"CVE-2008-5512\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5510\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-11511\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.6~1.fc10.2\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of blam", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860700", "href": "http://plugins.openvas.org/nasl.php?oid=860700", "type": "openvas", "title": "Fedora Update for blam FEDORA-2008-11511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blam FEDORA-2008-11511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"blam on Fedora 10\";\ntag_insight = \"Blam is a tool that helps you keep track of the growing\n number of news feeds distributed as RSS. Blam lets you\n subscribe to any number of feeds and provides an easy to\n use and clean interface to stay up to date\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01000.html\");\n script_id(860700);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11511\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5507\", \"CVE-2008-5506\", \"CVE-2008-5501\", \"CVE-2008-5513\", \"CVE-2008-5502\", \"CVE-2008-5512\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5510\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for blam FEDORA-2008-11511\");\n\n script_summary(\"Check for the Version of blam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"blam\", rpm:\"blam~1.8.5~5.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of ruby-gnome2", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:860771", "href": "http://plugins.openvas.org/nasl.php?oid=860771", "type": "openvas", "title": "Fedora Update for ruby-gnome2 FEDORA-2008-11598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-gnome2 FEDORA-2008-11598\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby-gnome2 on Fedora 9\";\ntag_insight = \"This is a set of bindings for the GNOME-2.x libraries for use from Ruby.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01066.html\");\n script_id(860771);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11598\");\n script_cve_id(\"CVE-2008-5501\", \"CVE-2008-5512\", \"CVE-2008-5506\", \"CVE-2008-5510\", \"CVE-2008-5513\", \"CVE-2008-5507\", \"CVE-2008-5500\", \"CVE-2008-5511\", \"CVE-2008-5505\", \"CVE-2008-5502\", \"CVE-2008-5508\");\n script_name( \"Fedora Update for ruby-gnome2 FEDORA-2008-11598\");\n\n script_summary(\"Check for the Version of ruby-gnome2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-gnome2\", rpm:\"ruby-gnome2~0.17.0~4.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870116", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:1036-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:1036-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,\n CVE-2008-5513)\n \n Several flaws were found in the way malformed content was processed. A\n website containing specially-crafted content could potentially trick a\n Firefox user into surrendering sensitive information. (CVE-2008-5506,\n CVE-2008-5507)\n \n A flaw was found in the way Firefox stored attributes in XML User Interface\n Language (XUL) elements. A web site could use this flaw to track users\n across browser sessions, even if users did not allow the site to store\n cookies in the victim's browser. (CVE-2008-5505)\n \n A flaw was found in the way malformed URLs were processed by Firefox.\n This flaw could prevent various URL sanitization mechanisms from properly\n parsing a malicious URL. (CVE-2008-5508)\n \n A flaw was found in Firefox's CSS parser. A malicious web page could inject\n NULL characters into a CSS input string, possibly bypassing an\n application's script sanitization routines. (CVE-2008-5510)\n \n For technical details regarding these flaws, please see the Mozilla\n security advisories for Firefox 3.0.5. You can find a link to the Mozilla\n advisories in the References section.\n \n Note: after the errata packages are installed, Firefox must be restarted\n for the update to take effect.\n \n All firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-December/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870116\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:1036-01\");\n script_cve_id(\"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\");\n script_name( \"RedHat Update for firefox RHSA-2008:1036-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.3~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.3~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.3~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.2.0~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.2.0~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.2.0~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.2.0~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.2.0~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.5~1.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.5~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.5~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.3~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.3~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.3~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.2.0~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.2.0~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.2.0~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "Several flaws were discovered in the browser engine. These problems could allow \nan attacker to crash the browser and possibly execute arbitrary code with user \nprivileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502)\n\nIt was discovered that Firefox did not properly handle persistent cookie data. \nIf a user were tricked into opening a malicious website, an attacker could \nwrite persistent data in the user's browser and track the user across browsing \nsessions. (CVE-2008-5505)\n\nMarius Schilder discovered that Firefox did not properly handle redirects to \nan outside domain when an XMLHttpRequest was made to a same-origin resource. \nIt's possible that sensitive information could be revealed in the \nXMLHttpRequest response. (CVE-2008-5506)\n\nChris Evans discovered that Firefox did not properly protect a user's data when \naccessing a same-domain Javascript URL that is redirected to an unparsable \nJavascript off-site resource. If a user were tricked into opening a malicious \nwebsite, an attacker may be able to steal a limited amount of private data. \n(CVE-2008-5507)\n\nChip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox \ndid not properly parse URLs when processing certain control characters. \n(CVE-2008-5508)\n\nKojima Hajime discovered that Firefox did not properly handle an escaped null \ncharacter. An attacker may be able to exploit this flaw to bypass script \nsanitization. (CVE-2008-5510)\n\nSeveral flaws were discovered in the Javascript engine. If a user were tricked \ninto opening a malicious website, an attacker could exploit this to execute \narbitrary Javascript code within the context of another website or with chrome \nprivileges. (CVE-2008-5511, CVE-2008-5512)\n\nFlaws were discovered in the session-restore feature of Firefox. If a user were \ntricked into opening a malicious website, an attacker could exploit this to \nperform cross-site scripting attacks or execute arbitrary Javascript code with \nchrome privileges. (CVE-2008-5513)", "edition": 5, "modified": "2008-12-17T00:00:00", "published": "2008-12-17T00:00:00", "id": "USN-690-1", "href": "https://ubuntu.com/security/notices/USN-690-1", "title": "Firefox and xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:33:17", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "**CentOS Errata and Security Advisory** CESA-2008:1036\n\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,\nCVE-2008-5513)\n\nSeveral flaws were found in the way malformed content was processed. A\nwebsite containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-5506,\nCVE-2008-5507)\n\nA flaw was found in the way Firefox stored attributes in XML User Interface\nLanguage (XUL) elements. A web site could use this flaw to track users\nacross browser sessions, even if users did not allow the site to store\ncookies in the victim's browser. (CVE-2008-5505)\n\nA flaw was found in the way malformed URLs were processed by Firefox.\nThis flaw could prevent various URL sanitization mechanisms from properly\nparsing a malicious URL. (CVE-2008-5508)\n\nA flaw was found in Firefox's CSS parser. A malicious web page could inject\nNULL characters into a CSS input string, possibly bypassing an\napplication's script sanitization routines. (CVE-2008-5510)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.5. You can find a link to the Mozilla\nadvisories in the References section.\n\nNote: after the errata packages are installed, Firefox must be restarted\nfor the update to take effect.\n\nAll firefox users should upgrade to these updated packages, which contain\nbackported patches that correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/027541.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/027542.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/027546.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/039877.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/039878.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/039887.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/039888.html\n\n**Affected packages:**\nfirefox\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-1036.html\nhttps://rhn.redhat.com/errata/RHSA-2008-1037.html", "edition": 4, "modified": "2008-12-23T16:04:04", "published": "2008-12-21T23:29:01", "href": "http://lists.centos.org/pipermail/centos-announce/2008-December/027541.html", "id": "CESA-2008:1036", "title": "firefox, nspr, nss, seamonkey, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513"], "description": "Mozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,\nCVE-2008-5513)\n\nSeveral flaws were found in the way malformed content was processed. A\nwebsite containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-5506,\nCVE-2008-5507)\n\nA flaw was found in the way Firefox stored attributes in XML User Interface\nLanguage (XUL) elements. A web site could use this flaw to track users\nacross browser sessions, even if users did not allow the site to store\ncookies in the victim's browser. (CVE-2008-5505)\n\nA flaw was found in the way malformed URLs were processed by Firefox.\nThis flaw could prevent various URL sanitization mechanisms from properly\nparsing a malicious URL. (CVE-2008-5508)\n\nA flaw was found in Firefox's CSS parser. A malicious web page could inject\nNULL characters into a CSS input string, possibly bypassing an\napplication's script sanitization routines. (CVE-2008-5510)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.5. You can find a link to the Mozilla\nadvisories in the References section.\n\nNote: after the errata packages are installed, Firefox must be restarted\nfor the update to take effect.\n\nAll firefox users should upgrade to these updated packages, which contain\nbackported patches that correct these issues.", "modified": "2017-09-08T12:12:10", "published": "2008-12-16T05:00:00", "id": "RHSA-2008:1036", "href": "https://access.redhat.com/errata/RHSA-2008:1036", "type": "redhat", "title": "(RHSA-2008:1036) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5505", "CVE-2008-5500", "CVE-2008-5510", "CVE-2008-5502", "CVE-2008-5513", "CVE-2008-5512", "CVE-2008-5501", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-5507", "CVE-2008-5506"], "description": "firefox :\n[3.0.5-1.0.1]\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n- Removed the corresponding files of Red Hat.\n- Added patch oracle-firefox-branding.patch\n- Update firstrun URL in spec file\n[3.0.5-1]\n- Update to Firefox 3.0.5\nnspr:\n[4.7.3-2]\n- Update to NSPR 4.7.3\nnss:\n[3.12.2.0-2]\n- Update to NSS_3_12_2_RC1\n- Use system zlib\nxulrunner:\n[1.9.0.5-1.0.1]\n- Added xulrunner-oracle-default-prefs.js", "edition": 4, "modified": "2008-12-17T00:00:00", "published": "2008-12-17T00:00:00", "id": "ELSA-2008-1036", "href": "http://linux.oracle.com/errata/ELSA-2008-1036.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}