Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.
This issue has not been fixed in Firefox 3.0
References
{"id": "SECURITYVULNS:DOC:23563", "bulletinFamily": "software", "title": "Mozilla Foundation Security Advisory 2010-24", "description": "Mozilla Foundation Security Advisory 2010-24\r\n\r\nTitle: XMLDocument::load() doesn't check nsIContentPolicy\r\nImpact: Low\r\nAnnounced: March 30, 2010\r\nReporter: Wladimir Palant\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.2\r\n Firefox 3.5.9\r\n Thunderbird 3.0.4\r\n SeaMonkey 2.0.4\r\nDescription\r\n\r\nMozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.\r\n\r\nThis issue has not been fixed in Firefox 3.0\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=490790\r\n * CVE-2010-0182\r\n", "published": "2010-04-06T00:00:00", "modified": "2010-04-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23563", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2010-0182"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "595f38346fbaa5d75a73a86f5e0aa4fa"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "b5f6fb717ad59d7eed00f93169b2baea"}, {"key": "href", "hash": "5e3ec2870fea22b2d0293ff37a2d99e6"}, {"key": "modified", "hash": "bca73a9789d0ea23d460e1c50048e34c"}, {"key": "published", "hash": "bca73a9789d0ea23d460e1c50048e34c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "350b1aa6c102d1fb8dd294ca28b496b3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "929721b31b1979945e40bca844baad9ed810026d01b109c538543db908fd71c1", "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:10:34"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0182"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800753", "OPENVAS:800753", "OPENVAS:1361412562310840415", "OPENVAS:840415", "OPENVAS:67832", "OPENVAS:861856", "OPENVAS:1361412562310861856", "OPENVAS:136141256231067832", "OPENVAS:870282", "OPENVAS:1361412562310850131"]}, {"type": "nessus", "idList": ["FEDORA_2010-6236.NASL", "FEDORA_2010-5840.NASL", "MOZILLA_THUNDERBIRD_304.NASL", "MOZILLA_FIREFOX_359.NASL", "UBUNTU_USN-921-1.NASL", "SEAMONKEY_204.NASL", "DEBIAN_DSA-2075.NASL", "SUSE_MOZILLAFIREFOX-6970.NASL", "SUSE_11_MOZILLAFIREFOX-100406.NASL", "SUSE_11_MOZILLA-XULRUNNER190-100406.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2075-1:0D9EA"]}, {"type": "ubuntu", "idList": ["USN-921-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0500", "ELSA-2010-0501"]}, {"type": "centos", "idList": ["CESA-2010:0501", "CESA-2010:0500"]}, {"type": "redhat", "idList": ["RHSA-2010:0500", "RHSA-2010:0501"]}, {"type": "suse", "idList": ["SUSE-SA:2010:021", "OPENSUSE-SU-2014:1100-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10745"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2018-08-31T11:10:34"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2018-11-01T05:12:46", "bulletinFamily": "NVD", "description": "The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.", "modified": "2018-10-30T12:25:58", "published": "2010-04-05T13:30:00", "id": "CVE-2010-0182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0182", "title": "CVE-2010-0182", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-12-05T13:46:36", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone\n to multiple vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2010-04-13T00:00:00", "id": "OPENVAS:1361412562310800753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800753", "title": "Mozilla Products Multiple Vulnerabilities Apr-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win_apr10.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Mozilla Products Multiple Vulnerabilities Apr-10 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800753\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0182\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities Apr-10 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/57388\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/57396\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-16.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-24.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to to cause a denial of service\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Seamonkey version prior to 2.0.4,\n\n Thunderbird version proior to 3.0.4 and\n\n Firefox version before 3.5.9 and 3.6.x before 3.6.2\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - A memory corruption error when user loads specially crafted HTML or specially\n crafted HTML-based e-mail, which allows to execute arbitrary code via unknown vectors.\n\n - An error in 'XMLDocument::load()' method. It is not checking 'nsIContentPolicy'\n during loading of content by XML documents, which allows to bypass intended\n access restrictions via crafted content.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.5.9, 3.6.2\n\n Upgrade to Seamonkey version 2.0.4\n\n Upgrade to Thunderbird version 3.0.4\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.5.9\") ||\n version_in_range(version:ffVer, test_version:\"3.6\", test_version2:\"3.6.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n if(version_is_less(version:smVer, test_version:\"2.0.4\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"3.0.4\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-12T10:50:04", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone\n to multiple vulnerabilities.", "modified": "2017-06-27T00:00:00", "published": "2010-04-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800753", "id": "OPENVAS:800753", "title": "Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win_apr10.nasl 6444 2017-06-27 11:24:02Z santu $\n#\n# Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Firefox version 3.5.9, 3.6.2\n http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to Seamonkey version 2.0.4\n http://www.seamonkey-project.org/releases/\n\n Upgrade to Thunderbird version 3.0.4\n http://www.mozillamessaging.com/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let attackers to to cause a denial of service\n or execute arbitrary code.\n Impact Level: Application\";\ntag_affected = \"Seamonkey version prior to 2.0.4,\n Thunderbird version proior to 3.0.4 and\n Firefox version before 3.5.9 and 3.6.x before 3.6.2\";\ntag_insight = \"The flaws are due to:\n - A memory corruption error when user loads specially crafted HTML or specially\n crafted HTML-based e-mail, which allows to execute arbitrary code via unknown\n vectors.\n - An error in 'XMLDocument::load()' method. It is not checking 'nsIContentPolicy'\n during loading of content by XML documents, which allows to bypass intended\n access restrictions via crafted content.\";\ntag_summary = \"The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800753);\n script_version(\"$Revision: 6444 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-27 13:24:02 +0200 (Tue, 27 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0182\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/57388\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/57396\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-16.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-24.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version 3.5.9, 3.6 < 3.6.2\n if(version_is_less(version:ffVer, test_version:\"3.5.9\") ||\n version_in_range(version:ffVer, test_version:\"3.6\", test_version2:\"3.6.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n # Grep for Seamonkey version < 2.0.4\n if(version_is_less(version:smVer, test_version:\"2.0.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n # Grep for Thunderbird version < 3.0.4\n if(version_is_less(version:tbVer, test_version:\"3.0.4\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:45", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-921-1", "modified": "2017-12-19T00:00:00", "published": "2010-04-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840415", "id": "OPENVAS:1361412562310840415", "type": "openvas", "title": "Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_921_1.nasl 8168 2017-12-19 07:30:15Z teissa $\n#\n# Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered\n flaws in the browser engine of Firefox. If a user were tricked into viewing\n a malicious website, a remote attacker could cause a denial of service or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2010-0173, CVE-2010-0174)\n\n It was discovered that Firefox could be made to access previously freed\n memory. If a user were tricked into viewing a malicious website, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Paul Stone discovered that Firefox could be made to change a mouse click\n into a drag and drop event. If the user could be tricked into performing\n this action twice on a crafted website, an attacker could execute\n arbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n \n It was discovered that the XMLHttpRequestSpy module as used by the Firebug\n add-on could be used to escalate privileges within the browser. If the user\n had the Firebug add-on installed and were tricked into viewing a malicious\n website, an attacker could potentially run arbitrary JavaScript.\n (CVE-2010-0179)\n \n Henry Sudhof discovered that an image tag could be used as a redirect to\n a mailto: URL to launch an external mail handler. (CVE-2010-0181)\n \n Wladimir Palant discovered that Firefox did not always perform security\n checks on XML content. An attacker could exploit this to bypass security\n policies to load certain resources. (CVE-2010-0182)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-921-1\";\ntag_affected = \"Firefox 3.5 and Xulrunner vulnerabilities on Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-921-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840415\");\n script_version(\"$Revision: 8168 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 08:30:15 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"921-1\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n script_name(\"Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.5-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-dbg\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-gnome-support\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-testsuite-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-testsuite\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-dbg\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.0\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.1-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.1\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.5\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:04:45", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-01-03T00:00:00", "published": "2010-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861856", "id": "OPENVAS:1361412562310861856", "title": "Fedora Update for seamonkey FEDORA-2010-5840", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2010-5840\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 12\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038416.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861856\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-5840\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n script_name(\"Fedora Update for seamonkey FEDORA-2010-5840\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.", "modified": "2017-07-07T00:00:00", "published": "2010-08-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67832", "id": "OPENVAS:67832", "title": "Debian Security Advisory DSA 2075-1 (xulrunner)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2075_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2075-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2010-0182\n\nWladimir Palant discovered that security checks in XML processing\nwere insufficiently enforced.\n\nCVE-2010-0654\n\nChris Evans discovered that insecure CSS handling could lead to\nreading data across domain boundaries.\n\nCVE-2010-1205\n\nAki Helin discovered a buffer overflow in the internal copy of\nlibpng, which could lead to the execution of arbitrary code.\n\nCVE-2010-1208\n\nregenrecht discovered that incorrect memory handling in DOM\nparsing could lead to the execution of arbitrary code.\n\nCVE-2010-1211\n\nJesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\nKwong, Tobias Markus and Daniel Holbert discovered crashes in the\nlayout engine, which might allow the execution of arbitrary code.\n\nCVE-2010-1214\n\nJS3 discovered an integer overflow in the plugin code, which\ncould lead to the execution of arbitrary code.\n\nCVE-2010-2751\n\nJordi Chancel discovered that the location could be spoofed to\nappear like a secured page.\n\nCVE-2010-2753\n\nregenrecht discovered that incorrect memory handling in XUL\nparsing could lead to the execution of arbitrary code.\n\nCVE-2010-2754\n\nSoroush Dalili discovered an information leak in script processing.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202075-1\";\n\n\nif(description)\n{\n script_id(67832);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0182\", \"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1208\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"Debian Security Advisory DSA 2075-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dbg\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d-dbg\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:41", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-12-15T00:00:00", "published": "2010-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861856", "id": "OPENVAS:861856", "title": "Fedora Update for seamonkey FEDORA-2010-5840", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2010-5840\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 12\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038416.html\");\n script_id(861856);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-5840\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n script_name(\"Fedora Update for seamonkey FEDORA-2010-5840\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.", "modified": "2018-01-17T00:00:00", "published": "2010-08-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067832", "id": "OPENVAS:136141256231067832", "title": "Debian Security Advisory DSA 2075-1 (xulrunner)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2075_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n# Description: Auto-generated from advisory DSA 2075-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2010-0182\n\nWladimir Palant discovered that security checks in XML processing\nwere insufficiently enforced.\n\nCVE-2010-0654\n\nChris Evans discovered that insecure CSS handling could lead to\nreading data across domain boundaries.\n\nCVE-2010-1205\n\nAki Helin discovered a buffer overflow in the internal copy of\nlibpng, which could lead to the execution of arbitrary code.\n\nCVE-2010-1208\n\nregenrecht discovered that incorrect memory handling in DOM\nparsing could lead to the execution of arbitrary code.\n\nCVE-2010-1211\n\nJesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\nKwong, Tobias Markus and Daniel Holbert discovered crashes in the\nlayout engine, which might allow the execution of arbitrary code.\n\nCVE-2010-1214\n\nJS3 discovered an integer overflow in the plugin code, which\ncould lead to the execution of arbitrary code.\n\nCVE-2010-2751\n\nJordi Chancel discovered that the location could be spoofed to\nappear like a secured page.\n\nCVE-2010-2753\n\nregenrecht discovered that incorrect memory handling in XUL\nparsing could lead to the execution of arbitrary code.\n\nCVE-2010-2754\n\nSoroush Dalili discovered an information leak in script processing.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202075-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67832\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0182\", \"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1208\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"Debian Security Advisory DSA 2075-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dbg\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d-dbg\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.19-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:20", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-921-1", "modified": "2017-12-01T00:00:00", "published": "2010-04-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840415", "id": "OPENVAS:840415", "title": "Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_921_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered\n flaws in the browser engine of Firefox. If a user were tricked into viewing\n a malicious website, a remote attacker could cause a denial of service or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2010-0173, CVE-2010-0174)\n\n It was discovered that Firefox could be made to access previously freed\n memory. If a user were tricked into viewing a malicious website, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Paul Stone discovered that Firefox could be made to change a mouse click\n into a drag and drop event. If the user could be tricked into performing\n this action twice on a crafted website, an attacker could execute\n arbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n \n It was discovered that the XMLHttpRequestSpy module as used by the Firebug\n add-on could be used to escalate privileges within the browser. If the user\n had the Firebug add-on installed and were tricked into viewing a malicious\n website, an attacker could potentially run arbitrary JavaScript.\n (CVE-2010-0179)\n \n Henry Sudhof discovered that an image tag could be used as a redirect to\n a mailto: URL to launch an external mail handler. (CVE-2010-0181)\n \n Wladimir Palant discovered that Firefox did not always perform security\n checks on XML content. An attacker could exploit this to bypass security\n policies to load certain resources. (CVE-2010-0182)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-921-1\";\ntag_affected = \"Firefox 3.5 and Xulrunner vulnerabilities on Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-921-1/\");\n script_id(840415);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"921-1\");\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n script_name(\"Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.5-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-dbg\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.5\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-gnome-support\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-testsuite-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-testsuite\", ver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-dbg\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-dev\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.0\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.1-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.1\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser-3.5\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-branding\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1-gnome-support\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-3.1\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:28", "bulletinFamily": "scanner", "description": "Check for the Version of devhelp", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880652", "id": "OPENVAS:880652", "title": "CentOS Update for devhelp CESA-2010:0501 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for devhelp CESA-2010:0501 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n \n A flaw was found in the way browser plug-ins interact. It was possible for\n a plug-in to reference the freed memory from a different plug-in, resulting\n in the execution of arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-1198)\n \n Several integer overflow flaws were found in the processing of malformed\n web content. A web page containing malicious content could cause Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2010-1196, CVE-2010-1199)\n \n A focus stealing flaw was found in the way Firefox handled focus changes. A\n malicious website could use this flaw to steal sensitive data from a user,\n such as usernames and passwords. (CVE-2010-1125)\n \n A flaw was found in the way Firefox handled the "Content-Disposition:\n attachment" HTTP header when the "Content-Type: multipart" HTTP header was\n also present. A website that allows arbitrary uploads and relies on the\n "Content-Disposition: attachment" HTTP header to prevent content from being\n displayed inline, could be used by an attacker to serve malicious content\n to users. (CVE-2010-1197)\n \n A flaw was found in the Firefox Math.random() function. This function could\n be used to identify a browsing session and track a user across different\n websites. (CVE-2008-5913)\n \n A flaw was found in the Firefox XML document loading security checks.\n Certain security checks were not being called when an XML document was\n loaded. This could possibly be leveraged later by an attacker to load\n certain resources that violate the security policies of the browser or its\n add-ons. Note that this issue cannot be exploited by only loading an XML\n document. (CVE-2010-0182)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\n in the References section of this erratum.\n \n This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\n the requirements of Firefox 3.6.4, this erratum also provides a number of\n other updated packages, including esc, totem, and yelp.\n \n This erratum also contains multiple bug fixes and numerous enhancements.\n Space precludes doc ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"devhelp on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-June/016746.html\");\n script_id(880652);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0501\");\n script_cve_id(\"CVE-2008-5913\", \"CVE-2010-0182\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1202\", \"CVE-2010-1203\");\n script_name(\"CentOS Update for devhelp CESA-2010:0501 centos5 i386\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.12~20.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.12~20.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"esc\", rpm:\"esc~1.1.0~12.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.4~8.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.14.2~6.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkhtml2\", rpm:\"gnome-python2-gtkhtml2~2.14.2~6.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkmozembed\", rpm:\"gnome-python2-gtkmozembed~2.14.2~6.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkspell\", rpm:\"gnome-python2-gtkspell~2.14.2~6.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-libegg\", rpm:\"gnome-python2-libegg~2.14.2~6.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.16.7~7.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-devel\", rpm:\"totem-devel~2.16.7~7.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozplugin\", rpm:\"totem-mozplugin~2.16.7~7.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.4~9.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.4~9.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.16.0~26.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:22", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2017-12-13T00:00:00", "published": "2010-06-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870282", "id": "OPENVAS:870282", "title": "RedHat Update for firefox RHSA-2010:0501-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2010:0501-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n \n A flaw was found in the way browser plug-ins interact. It was possible for\n a plug-in to reference the freed memory from a different plug-in, resulting\n in the execution of arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-1198)\n \n Several integer overflow flaws were found in the processing of malformed\n web content. A web page containing malicious content could cause Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2010-1196, CVE-2010-1199)\n \n A focus stealing flaw was found in the way Firefox handled focus changes. A\n malicious website could use this flaw to steal sensitive data from a user,\n such as usernames and passwords. (CVE-2010-1125)\n \n A flaw was found in the way Firefox handled the "Content-Disposition:\n attachment" HTTP header when the "Content-Type: multipart" HTTP header was\n also present. A website that allows arbitrary uploads and relies on the\n "Content-Disposition: attachment" HTTP header to prevent content from being\n displayed inline, could be used by an attacker to serve malicious content\n to users. (CVE-2010-1197)\n \n A flaw was found in the Firefox Math.random() function. This function could\n be used to identify a browsing session and track a user across different\n websites. (CVE-2008-5913)\n \n A flaw was found in the Firefox XML document loading security checks.\n Certain security checks were not being called when an XML document was\n loaded. This could possibly be leveraged later by an attacker to load\n certain resources that violate the security policies of the browser or its\n add-ons. Note that this issue cannot be exploited by only loading an XML\n document. (CVE-2010-0182)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\n in the References section of this erratum.\n \n This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\n the requirements of Firefox 3.6.4, this erratum also provides a number of\n other updated packages, including esc, totem, and yelp.\n \n This erratum also contains multiple bug fixes and numerous enhan ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-June/msg00019.html\");\n script_id(870282);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-28 09:16:14 +0200 (Mon, 28 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0501-01\");\n script_cve_id(\"CVE-2008-5913\", \"CVE-2010-0182\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1202\", \"CVE-2010-1203\");\n script_name(\"RedHat Update for firefox RHSA-2010:0501-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.12~21.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.12~21.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.12~21.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"esc\", rpm:\"esc~1.1.0~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"esc-debuginfo\", rpm:\"esc-debuginfo~1.1.0~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.4~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.4~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras-debuginfo\", rpm:\"gnome-python2-extras-debuginfo~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkhtml2\", rpm:\"gnome-python2-gtkhtml2~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkmozembed\", rpm:\"gnome-python2-gtkmozembed~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-gtkspell\", rpm:\"gnome-python2-gtkspell~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-libegg\", rpm:\"gnome-python2-libegg~2.14.2~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.16.7~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-debuginfo\", rpm:\"totem-debuginfo~2.16.7~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-devel\", rpm:\"totem-devel~2.16.7~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozplugin\", rpm:\"totem-mozplugin~2.16.7~7.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.4~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.4~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.4~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.16.0~26.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp-debuginfo\", rpm:\"yelp-debuginfo~2.16.0~26.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:13:33", "bulletinFamily": "scanner", "description": "Update to new upstream SeaMonkey version 2.0.4, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2010-6236.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47425", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : seamonkey-2.0.4-1.fc13 (2010-6236)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-6236.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47425);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0182\");\n script_bugtraq_id(39122, 39123, 39128, 39133, 39137);\n script_xref(name:\"FEDORA\", value:\"2010-6236\");\n\n script_name(english:\"Fedora 13 : seamonkey-2.0.4-1.fc13 (2010-6236)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream SeaMonkey version 2.0.4, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173\nCVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178\nCVE-2010-0181 CVE-2010-0182\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578154\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3260156b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"seamonkey-2.0.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:13", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird is earlier than 3.0.4. Such versions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)\n\n - XML documents fail to call certain security checks when loading new content. (MFSA 2010-24)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_THUNDERBIRD_304.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45394", "published": "2010-03-31T00:00:00", "title": "Mozilla Thunderbird < 3.0.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45394);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0173\", \"CVE-2010-0174\",\n \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0182\");\n script_bugtraq_id(36935, 39122, 39123, 39125, 39128, 39479);\n script_xref(name:\"Secunia\", value:\"39136\");\n\n script_name(english:\"Mozilla Thunderbird < 3.0.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Thunderbird is earlier than 3.0.4. Such\nversions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called\n after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are \n inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - Session renegotiations are not handled properly, which\n can be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (MFSA 2010-22)\n\n - XML documents fail to call certain security checks when\n loading new content. (MFSA 2010-24)\");\n\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24/\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Thunderbird 3.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.0.4', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:33", "bulletinFamily": "scanner", "description": "Update to new upstream SeaMonkey version 2.0.4, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2010-5840.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47407", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : seamonkey-2.0.4-1.fc12 (2010-5840)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5840.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47407);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0182\");\n script_xref(name:\"FEDORA\", value:\"2010-5840\");\n\n script_name(english:\"Fedora 12 : seamonkey-2.0.4-1.fc12 (2010-5840)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream SeaMonkey version 2.0.4, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173\nCVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178\nCVE-2010-0181 CVE-2010-0182\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578154\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd39bffb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"seamonkey-2.0.4-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:13", "bulletinFamily": "scanner", "description": "The installed version of Firefox is earlier than 3.5.9. Such versions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a 'mailto:' URL, the external mail handler application is launched. (MFSA 2010-23) \n - XML documents fail to call certain security checks when loading new content. (MFSA 2010-24)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_FIREFOX_359.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45393", "published": "2010-03-31T00:00:00", "title": "Firefox < 3.5.9 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45393);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-0173\",\n \"CVE-2010-0174\",\n \"CVE-2010-0175\",\n \"CVE-2010-0176\",\n \"CVE-2010-0177\",\n \"CVE-2010-0178\",\n \"CVE-2010-0181\",\n \"CVE-2010-0182\"\n );\n script_bugtraq_id(\n 36935, \n 39122, \n 39123, \n 39125, \n 39128, \n 39133, \n 39137,\n 39479\n );\n script_xref(name:\"Secunia\", value:\"39136\");\n\n script_name(english:\"Firefox < 3.5.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Firefox is earlier than 3.5.9. Such\nversions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called\n after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are \n inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the\n 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse \n click into a drag-and-drop action, potentially resulting\n in the unintended loading of resources in a user's \n browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which\n can be exploited to insert arbitrary plaintext by a \n man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a\n 'mailto:' URL, the external mail handler application is\n launched. (MFSA 2010-23)\n \n - XML documents fail to call certain security checks when\n loading new content. (MFSA 2010-24)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24/\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Firefox 3.5.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.5.9', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:13", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is earlier than 2.0.4. Such versions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a 'mailto:' URL, the external mail handler application is launched. (MFSA 2010-23) \n - XML Documents fail to call certain security checks when loading new content. (MFSA 2010-24)", "modified": "2018-07-27T00:00:00", "id": "SEAMONKEY_204.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45395", "published": "2010-03-31T00:00:00", "title": "SeaMonkey < 2.0.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45395);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-0173\",\n \"CVE-2010-0174\",\n \"CVE-2010-0175\",\n \"CVE-2010-0176\",\n \"CVE-2010-0177\",\n \"CVE-2010-0178\",\n \"CVE-2010-0181\",\n \"CVE-2010-0182\"\n );\n script_bugtraq_id(\n 36935, \n 39133, \n 39137, \n 39122, \n 39123, \n 39125, \n 39128,\n 39479\n );\n script_xref(name:\"Secunia\", value:\"39136\");\n\n script_name(english:\"SeaMonkey < 2.0.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.0.4. Such\nversions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - A select event handler for XUL tree items can be called\n after the item is deleted. (MFSA 2010-17)\n\n - An error exists in the way '<option>' elements are \n inserted into an XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the\n 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse \n click into a drag-and-drop action, potentially resulting\n in the unintended loading of resources in a user's \n browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which\n can be exploited to insert arbitrary plaintext by a \n man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a\n 'mailto:' URL, the external mail handler application is\n launched. (MFSA 2010-23)\n \n - XML Documents fail to call certain security checks when\n loading new content. (MFSA 2010-24)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24/\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to SeaMonkey 2.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.0.4', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:40", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced.\n\n - CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries.\n\n - CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code.\n\n - CVE-2010-1208 'regenrecht' discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code.\n\n - CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2010-1214 'JS3' discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code.\n\n - CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page.\n\n - CVE-2010-2753 'regenrecht' discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code.\n\n - CVE-2010-2754 Soroush Dalili discovered an information leak in script processing.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47889", "published": "2010-07-29T00:00:00", "title": "Debian DSA-2075-1 : xulrunner - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2075. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47889);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-0182\", \"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1208\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(39479, 41174, 41842, 41849, 41853, 41859, 41860, 41872, 41968);\n script_xref(name:\"DSA\", value:\"2075\");\n\n script_name(english:\"Debian DSA-2075-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2010-0182\n Wladimir Palant discovered that security checks in XML\n processing were insufficiently enforced.\n\n - CVE-2010-0654\n Chris Evans discovered that insecure CSS handling could\n lead to reading data across domain boundaries.\n\n - CVE-2010-1205\n Aki Helin discovered a buffer overflow in the internal\n copy of libpng, which could lead to the execution of\n arbitrary code.\n\n - CVE-2010-1208\n 'regenrecht' discovered that incorrect memory handling\n in DOM parsing could lead to the execution of arbitrary\n code.\n\n - CVE-2010-1211\n Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor\n Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert\n discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.\n\n - CVE-2010-1214\n 'JS3' discovered an integer overflow in the plugin code,\n which could lead to the execution of arbitrary code.\n\n - CVE-2010-2751\n Jordi Chancel discovered that the location could be\n spoofed to appear like a secured page.\n\n - CVE-2010-2753\n 'regenrecht' discovered that incorrect memory handling\n in XUL parsing could lead to the execution of arbitrary\n code.\n\n - CVE-2010-2754\n Soroush Dalili discovered an information leak in script\n processing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2075\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs-dev\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d-dbg\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-xpcom\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"spidermonkey-bin\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-dbg\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-gnome-support\", reference:\"1.9.0.19-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-dev\", reference:\"1.9.0.19-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:15", "bulletinFamily": "scanner", "description": "Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0173, CVE-2010-0174)\n\nIt was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nPaul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n\nIt was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179)\n\nHenry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. (CVE-2010-0181)\n\nWladimir Palant discovered that Firefox did not always perform security checks on XML content. An attacker could exploit this to bypass security policies to load certain resources. (CVE-2010-0182).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-921-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45484", "published": "2010-04-12T00:00:00", "title": "Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-921-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-921-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45484);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n script_bugtraq_id(39122, 39123, 39124, 39125, 39128, 39133, 39137);\n script_xref(name:\"USN\", value:\"921-1\");\n\n script_name(english:\"Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-921-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari\ndiscovered flaws in the browser engine of Firefox. If a user were\ntricked into viewing a malicious website, a remote attacker could\ncause a denial of service or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2010-0173,\nCVE-2010-0174)\n\nIt was discovered that Firefox could be made to access previously\nfreed memory. If a user were tricked into viewing a malicious website,\na remote attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nPaul Stone discovered that Firefox could be made to change a mouse\nclick into a drag and drop event. If the user could be tricked into\nperforming this action twice on a crafted website, an attacker could\nexecute arbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n\nIt was discovered that the XMLHttpRequestSpy module as used by the\nFirebug add-on could be used to escalate privileges within the\nbrowser. If the user had the Firebug add-on installed and were tricked\ninto viewing a malicious website, an attacker could potentially run\narbitrary JavaScript. (CVE-2010-0179)\n\nHenry Sudhof discovered that an image tag could be used as a redirect\nto a mailto: URL to launch an external mail handler. (CVE-2010-0181)\n\nWladimir Palant discovered that Firefox did not always perform\nsecurity checks on XML content. An attacker could exploit this to\nbypass security policies to load certain resources. (CVE-2010-0182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/921-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dbg\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dev\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-gnome-support\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.5.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dbg\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dev\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-gnome-support\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite-dev\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.1.9+nobinonly-0ubuntu0.9.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:11", "bulletinFamily": "scanner", "description": "Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16)\n\nReferences\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup.\n In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object.\n When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177)\n\n - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser.\n This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178)\n\n - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179)\n\n - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555)\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.\n\n - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto:\n URL, the external mail handler application is launched.\n This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181)\n\n - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_MOZILLA-XULRUNNER190-100406.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50950", "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50950);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs\nand security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-16)\n\nReferences\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in\nthe browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all\nsupported versions of the browser engine. (CVE-2010-0174)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a select event\n handler for XUL tree items could be called after the\n tree item was deleted. This results in the execution of\n previously freed memory which an attacker could use to\n crash a victim's browser and run arbitrary code on the\n victim's computer. (MFSA 2010-17 / CVE-2010-0175)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative an error in the way\n option elements are inserted into a XUL tree optgroup.\n In certain cases, the number of references to an option\n element is under-counted so that when the element is\n deleted, a live pointer to its old location is kept\n around and may later be used. An attacker could\n potentially use these conditions to run arbitrary code\n on a victim's computer. (MFSA 2010-18 / CVE-2010-0176)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative an error in the\n implementation of the window.navigator.plugins object.\n When a page reloads, the plugins array would reallocate\n all of its members without checking for existing\n references to each member. This could result in the\n deletion of objects for which valid pointers still\n exist. An attacker could use this vulnerability to crash\n a victim's browser and run arbitrary code on the\n victim's machine. (MFSA 2010-19 / CVE-2010-0177)\n\n - Security researcher Paul Stone reported that a browser\n applet could be used to turn a simple mouse click into a\n drag-and-drop action, potentially resulting in the\n unintended loading of resources in a user's browser.\n This behavior could be used twice in succession to first\n load a privileged chrome: URL in a victim's browser,\n then load a malicious javascript: URL on top of the same\n document resulting in arbitrary script execution with\n chrome privileges. (MFSA 2010-20 / CVE-2010-0178)\n\n - Mozilla security researcher moz_bug_r_a4 reported that\n the XMLHttpRequestSpy module in the Firebug add-on was\n exposing an underlying chrome privilege escalation\n vulnerability. When the XMLHttpRequestSpy object was\n created, it would attach various properties of itself to\n objects defined in web content, which were not being\n properly wrapped to prevent their exposure to chrome\n privileged objects. This could result in an attacker\n running arbitrary JavaScript on a victim's machine,\n though it required the victim to have Firebug installed,\n so the overall severity of the issue was determined to\n be High. (MFSA 2010-21 / CVE-2010-0179)\n\n - Mozilla developers added support in the Network Security\n Services module for preventing a type of\n man-in-the-middle attack against TLS using forced\n renegotiation. (MFSA 2010-22 / CVE-2009-3555)\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users\nwill need to set their security.ssl.require_safe_negotiation\npreference to true. Firefox 3 does not contain the fix for this issue.\n\n - phpBB developer Henry Sudhof reported that when an image\n tag points to a resource that redirects to a mailto:\n URL, the external mail handler application is launched.\n This issue poses no security threat to users but could\n create an annoyance when browsing a site that allows\n users to post arbitrary images. (MFSA 2010-23 /\n CVE-2010-0181)\n\n - Mozilla community member Wladimir Palant reported that\n XML documents were failing to call certain security\n checks when loading new content. This could result in\n certain resources being loaded that would otherwise\n violate security policies set by the browser or\n installed add-ons. (MFSA 2010-24 / CVE-2010-0182)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-17.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-21.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-23.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=586567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0182.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2255.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.19-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:15", "bulletinFamily": "scanner", "description": "Mozilla SeaMonkey was updated to version 2.0.4 fixing lots of bugs and security issues.\n\nFollowing security issues were fixed: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)\n\nMFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer.\n\nMFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way <option> elements are inserted into a XUL tree <optgroup>. In certain cases, the number of references to an <option> element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer.\n\nMFSA 2010-19 / CVE-2010-0177: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine.\n\nMFSA 2010-20 / CVE-2010-0178: Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.\n\nMFSA 2010-21 / CVE-2010-0179: Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High.\n\nMFSA 2010-22 / CVE-2009-3555: Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.\n\nMFSA 2010-23 / CVE-2010-0181: phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.\n\nMFSA 2010-24 / CVE-2010-0182: Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_SEAMONKEY-100406.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45497", "published": "2010-04-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2010:0102-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-2244.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45497);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2010:0102-1)\");\n script_summary(english:\"Check for the seamonkey-2244 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to version 2.0.4 fixing lots of bugs and\nsecurity issues.\n\nFollowing security issues were fixed: MFSA 2010-16: Mozilla developers\nidentified and fixed several stability bugs in the browser engine used\nin Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances, and\nwe presume that with enough effort at least some of these could be\nexploited to run arbitrary code. References\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in\nthe browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all\nsupported versions of the browser engine. (CVE-2010-0174)\n\nMFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a select event handler for\nXUL tree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.\n\nMFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the way <option>\nelements are inserted into a XUL tree <optgroup>. In certain cases,\nthe number of references to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.\n\nMFSA 2010-19 / CVE-2010-0177: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the implementation\nof the window.navigator.plugins object. When a page reloads, the\nplugins array would reallocate all of its members without checking for\nexisting references to each member. This could result in the deletion\nof objects for which valid pointers still exist. An attacker could use\nthis vulnerability to crash a victim's browser and run arbitrary code\non the victim's machine.\n\nMFSA 2010-20 / CVE-2010-0178: Security researcher Paul Stone reported\nthat a browser applet could be used to turn a simple mouse click into\na drag-and-drop action, potentially resulting in the unintended\nloading of resources in a user's browser. This behavior could be used\ntwice in succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL on top of the\nsame document resulting in arbitrary script execution with chrome\nprivileges.\n\nMFSA 2010-21 / CVE-2010-0179: Mozilla security researcher moz_bug_r_a4\nreported that the XMLHttpRequestSpy module in the Firebug add-on was\nexposing an underlying chrome privilege escalation vulnerability. When\nthe XMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary JavaScript\non a victim's machine, though it required the victim to have Firebug\ninstalled, so the overall severity of the issue was determined to be\nHigh.\n\nMFSA 2010-22 / CVE-2009-3555: Mozilla developers added support in the\nNetwork Security Services module for preventing a type of\nman-in-the-middle attack against TLS using forced renegotiation.\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users\nwill need to set their security.ssl.require_safe_negotiation\npreference to true. Firefox 3 does not contain the fix for this issue.\n\nMFSA 2010-23 / CVE-2010-0181: phpBB developer Henry Sudhof reported\nthat when an image tag points to a resource that redirects to a\nmailto: URL, the external mail handler application is launched. This\nissue poses no security threat to users but could create an annoyance\nwhen browsing a site that allows users to post arbitrary images.\n\nMFSA 2010-24 / CVE-2010-0182: Mozilla community member Wladimir Palant\nreported that XML documents were failing to call certain security\nchecks when loading new content. This could result in certain\nresources being loaded that would otherwise violate security policies\nset by the browser or installed add-ons.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=586567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.4-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.4-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.4-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.4-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:17", "bulletinFamily": "scanner", "description": "This patch updates Mozilla Firefox to the 3.5.9 release.\n\nIt includes the following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)\n\nMFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer.\n\nMFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way <option> elements are inserted into a XUL tree <optgroup>. In certain cases, the number of references to an <option> element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer.\n\nMFSA 2010-19 / CVE-2010-0177: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine.\n\nMFSA 2010-20 / CVE-2010-0178: Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.\n\nMFSA 2010-21 / CVE-2010-0179: Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High.\n\nMFSA 2010-22 / CVE-2009-3555: Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.\n\nMFSA 2010-23 / CVE-2010-0181: phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.\n\nMFSA 2010-24 / CVE-2010-0182: Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_MOZILLAFIREFOX-100412.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45527", "published": "2010-04-14T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0102-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2273.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45527);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0102-3)\");\n script_summary(english:\"Check for the MozillaFirefox-2273 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This patch updates Mozilla Firefox to the 3.5.9 release.\n\nIt includes the following security fixes: MFSA 2010-16: Mozilla\ndevelopers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\ncrashes showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. References\n\nMartijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in\nthe browser engine that affected Firefox 3.5 and Firefox 3.6.\n(CVE-2010-0173)\n\nJesse Ruderman and Ehsan Akhgari reported crashes that affected all\nsupported versions of the browser engine. (CVE-2010-0174)\n\nMFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a select event handler for\nXUL tree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.\n\nMFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the way <option>\nelements are inserted into a XUL tree <optgroup>. In certain cases,\nthe number of references to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.\n\nMFSA 2010-19 / CVE-2010-0177: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the implementation\nof the window.navigator.plugins object. When a page reloads, the\nplugins array would reallocate all of its members without checking for\nexisting references to each member. This could result in the deletion\nof objects for which valid pointers still exist. An attacker could use\nthis vulnerability to crash a victim's browser and run arbitrary code\non the victim's machine.\n\nMFSA 2010-20 / CVE-2010-0178: Security researcher Paul Stone reported\nthat a browser applet could be used to turn a simple mouse click into\na drag-and-drop action, potentially resulting in the unintended\nloading of resources in a user's browser. This behavior could be used\ntwice in succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL on top of the\nsame document resulting in arbitrary script execution with chrome\nprivileges.\n\nMFSA 2010-21 / CVE-2010-0179: Mozilla security researcher moz_bug_r_a4\nreported that the XMLHttpRequestSpy module in the Firebug add-on was\nexposing an underlying chrome privilege escalation vulnerability. When\nthe XMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary JavaScript\non a victim's machine, though it required the victim to have Firebug\ninstalled, so the overall severity of the issue was determined to be\nHigh.\n\nMFSA 2010-22 / CVE-2009-3555: Mozilla developers added support in the\nNetwork Security Services module for preventing a type of\nman-in-the-middle attack against TLS using forced renegotiation.\n\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users\nwill need to set their security.ssl.require_safe_negotiation\npreference to true. Firefox 3 does not contain the fix for this issue.\n\nMFSA 2010-23 / CVE-2010-0181: phpBB developer Henry Sudhof reported\nthat when an image tag points to a resource that redirects to a\nmailto: URL, the external mail handler application is launched. This\nissue poses no security threat to users but could create an annoyance\nwhen browsing a site that allows users to post arbitrary images.\n\nMFSA 2010-24 / CVE-2010-0182: Mozilla community member Wladimir Palant\nreported that XML documents were failing to call certain security\nchecks when loading new content. This could result in certain\nresources being loaded that would otherwise violate security policies\nset by the browser or installed add-ons.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=586567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-3.5.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-branding-upstream-3.5.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-common-3.5.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-other-3.5.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-devel-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-xpcom191-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.9-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.9-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:08", "bulletinFamily": "unix", "description": "Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0173, CVE-2010-0174)\n\nIt was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nPaul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n\nIt was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179)\n\nHenry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. (CVE-2010-0181)\n\nWladimir Palant discovered that Firefox did not always perform security checks on XML content. An attacker could exploit this to bypass security policies to load certain resources. (CVE-2010-0182)", "modified": "2010-04-09T00:00:00", "published": "2010-04-09T00:00:00", "id": "USN-921-1", "href": "https://usn.ubuntu.com/921-1/", "title": "Firefox 3.5 and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:05", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2075-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 27, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2010-0182\n\n Wladimir Palant discovered that security checks in XML processing\n were insufficiently enforced.\n\nCVE-2010-0654\n\n Chris Evans discovered that insecure CSS handling could lead to\n reading data across domain boundaries.\n\nCVE-2010-1205\n\n Aki Helin discovered a buffer overflow in the internal copy of\n libpng, which could lead to the execution of arbitrary code.\n\nCVE-2010-1208\n\n "regenrecht" discovered that incorrect memory handling in DOM\n parsing could lead to the execution of arbitrary code.\n\nCVE-2010-1211\n\n Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\n Kwong, Tobias Markus and Daniel Holbert discovered crashes in the\n layout engine, which might allow the execution of arbitrary code.\n\nCVE-2010-1214\n\n "JS3" discovered an integer overflow in the plugin code, which\n could lead to the execution of arbitrary code.\n\nCVE-2010-2751\n\n Jordi Chancel discovered that the location could be spoofed to\n appear like a secured page.\n\nCVE-2010-2753\n\n "regenrecht" discovered that incorrect memory handling in XUL\n parsing could lead to the execution of arbitrary code.\n\nCVE-2010-2754\n\n Soroush Dalili discovered an information leak in script processing.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.diff.gz\n Size/MD5 checksum: 149955 e6ec4540373a8dfbea5c1e63f5b628b2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.dsc\n Size/MD5 checksum: 1755 59f9033377f2450ad114d9ee4367f9c7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz\n Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-3_all.deb\n Size/MD5 checksum: 1466246 a3b5c8b34df7e2077a5e3c5c0d911b85\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 165496 ad7c134eeadc1a2aa751c289052d32f1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 433152 57f7a88c05eece5c0ea17517646267bb\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 72550 b581302383396b57f7e07aa4564245b3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 51155444 37595efd28303ec3a88d294b58c1e7aa\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 9487312 452f2c3b26bb249711720ade76e77c3f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 223422 9ce6e6f35412321405c27618a3550763\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 113478 f4946488381af317acb3bd27da3e372e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 940250 abb2d020d4cce2e5547d17dd94323cee\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 3357434 a26b339fee481f1ae5494ee0983e3e75\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 50381710 4e6df9133e326ca7fe1d91adab87609b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 3291324 01a75923a6b796c2e1f3c02e4584072f\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 152266 0a9e05d5e36920cf9cb6c9e39357679b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 7735106 eedecb0183cd911bf7416be5f61cf88e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 374604 7a71d4ce527727f43225fc1cdc6b3915\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 70226 f8860e988f030333c59f893582e17da0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 890738 0db2e5b458ae1495dce575688a27ef2a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 223326 1d128ae917c5dab4e977ffb018cb704c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 101830 2bb9a62d6454d0b7ef6da98cc07b4013\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 140950 d9044d5f823661f4a1ef11c47971d6e2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 3584768 6ff8221347684a334d6f358d2c8f2dcc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 6802070 e489c87976c243d040f568a8e04a7466\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 351056 dd61fc5b425e296ef00120b4cfbc5604\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 68552 819703fc0550ee6473572ea3655ab1f5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 84224 f3915220a86a6a31e48b845d2af7f249\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 222376 cb0563f3e5220ceb6f42b8e6471eb883\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 49349776 4037a4ab7eeb964c24c95fbb905edbe6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 815334 c055e242c82b7643c67712602e4f3215\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 822978 f8609edb961b6c71732c17575393644a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 6962470 fc143ac75279405ef99a3e045439adeb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 3583846 db81fc2e4c8a30fbaf0b176f6d7e77a5\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 142446 016a6aa2efa9e49788c97bc925d90bbb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 353294 65f40d8a434c6b430685ef1a54246888\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 50182030 97009b62c3d65b5e715f363d7a5a2e0c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 223380 30fd707dea85e43894c84036115920a3\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 70694 e5892c32e9850d86138ebf15ad317b63\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 84758 a94402fed374f82a1ffeb338cb2a4cbb\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 223614 ea284c98cc97b10b879d6174b81cb486\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 899460 290c89b8835d773b8fd240f5610dc63c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 72280 1d32724f444212696e28d15dc22386af\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 413386 e78a2aabb581f3f7f8da9cb531d6a883\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 158762 89855347fdf8833df8fd643cfd6a2f10\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 51267722 b51b03ef591a26a4bb72fb0c58e610c0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 3632562 2d9a207f01319a7bd8f3eb72b3762c77\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 9523510 0f38b76b0074881d4b12823eedc40846\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 106998 32d701f55bd4cc6e0f7160c3b5db43aa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 49553140 cd9fb750075df895e2ad46a8fe4c8bdf\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 852228 f04ee6f2c26e9bda77477d64a13f3c53\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 79554 e69019a20fc3e8750faf73961cae8a38\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 224454 c7e441828615fa66d9907b6407a2b1ad\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 351828 85e4711445491850841c2f05102f2bd2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 6609818 b99e5d5f75686adcea1c3570fb82ead5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 3573826 2869c274453928b8b110d8aee7dcba96\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 142966 847a37421b7980378c81c5e818c2df3d\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 68968 1eee7343caee6a8a23a141bf6b653fa4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 224078 a9dc6949ac6ef39884d1cb58929e20fc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 3693822 602f37b927bc425803730a66d17e8bec\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 542370 6015bef0d96154f73c32b2031c8bbf70\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 77166 1a94ec379b6e210cf35c1116939fc5f7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 813100 d0cdc640bf4a68973942cf563b7f7d7b\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 181192 54ef9505c0b0a0b62539dc3d983a8f83\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 11340432 b833d183a5337231c512aba60e733213\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 49734538 21b8086eb33e228f4a3800307a721558\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 121688 1e8f51c8c5d1097d5c0e4b8fd6743ec7\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 3611102 8f2980b314f14ff7cf1c244ed11ee638\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 145574 f38aa4d16323e517d075d1de833a7a35\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 380888 73bf50fdf8fd49a2251f3c13db9e0a2c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 7677088 d034f72357eb3276850bea226dfc3489\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 96932 9c55e0f731b1a507e77abb54ea7c2b08\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 223126 cc6d3e47d51d4a15cd05ef6af47560c2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 51902590 b9cafda15eba1ae28b5b054bd82e9d62\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 919306 764f458b99647036fbdb1b36768e9b99\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 70412 c674d096e73e7f353733e502bbc9cd05\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 378984 c66e5ff8815e2386755ece9c9a34b820\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 50034074 88479753fa54a417df183b78d0bb6ed1\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 145324 a801aeefc7fbf555ab407eaeb4c35295\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 70170 3145be02d89d6e205de5d89b269b9d8d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 3311114 4dac1eff7f53b49976d984606e76afe6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 900836 6727b545324904a39f31261db59f516b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 97046 2953be8b2d4df3994abd68d6f95de215\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 7384772 6666f68f98fa2cc81d9e3106c958360b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 223416 a3ad25d92dc8f8e09352bc1fbce07989\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 95068 18f76fe7d470194c6320df8b42e7b09b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 888120 b426372622e1ac0164db3f25589a5447\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 152544 e3b9205b45b66a3fcf4937c44897a7d8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 3285670 a63c4ce33c3f482584b32cfe50488700\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 7287440 f9d042196ccedd4dfb4da6d3e45ca2b1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 51458688 a669258d296192b6bd48b68006f9b618\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 223412 b900b19a182c059590bfcdb9495851ef\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 73306 94fdad8b176e63c0c791d19a026ce4b0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 362778 79f1ea4633cf0147da60871533750312\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 156410 6e986f5714d7052295a32253daea02a9\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 73182 f3b9b343586f554ac37e5c7c8970a28a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 407006 5919961e64253609b9eacc6a31a19b87\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 8401766 a23f6d0b7ac0b83997635feff3977ac2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 223402 f08c12d85314436f6331b75e2e18b1c7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 909824 8c8c3aa62be4c19e97351562dcbe1694\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 3308768 50226e505e97362404ffbe3e770775fe\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 105828 1e5fc5d7be3c5ab803dd71e8391c06bb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 51242096 ebae3e5b1eb3fd2d9470cbe117b8ced9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 49406432 caf251c788fe4f76679f600bd1d7b1c0\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 70192 33434a3b887ac076d88c0a4e425b3c29\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 144136 359a3cac1ee340f79eb9a53ac65f62ed\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 7181582 4b0f8aaf9a51e7c76073afbb7ea33c6e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 3583844 11cb9b988b9eac3564f11ed310a8d77e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 84544 0646f157f384a6a1ffcc3052035d1789\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 350470 1c643effc57e45c6afc964f2284cda7e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 223260 77281a13fcc78aacd93cf479621ccf74\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 821854 32eba751571daa1dcd4db30e7a3b7b2c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-07-27T19:47:58", "published": "2010-07-27T19:47:58", "id": "DEBIAN:DSA-2075-1:0D9EA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00120.html", "title": "[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:40", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as\nsuch, contains multiple bug fixes and numerous enhancements. Space\nprecludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n", "modified": "2017-09-08T12:16:13", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0500", "href": "https://access.redhat.com/errata/RHSA-2010:0500", "type": "redhat", "title": "(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:38", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\nthe requirements of Firefox 3.6.4, this erratum also provides a number of\nother updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n", "modified": "2017-09-08T11:55:24", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0501", "href": "https://access.redhat.com/errata/RHSA-2010:0501", "type": "redhat", "title": "(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:30:16", "bulletinFamily": "unix", "description": "The Mozilla Firefox browser was updated to version 3.5.9 fixing lots of bugs and security issues. On openSUSE 11.0 and 11.1 the browser was updated from the 3.0 branch to 3.5.9\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2010-04-14T16:54:51", "published": "2010-04-14T16:54:51", "id": "SUSE-SA:2010:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00003.html", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "modified": "2014-09-09T18:04:16", "published": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "title": "Firefox update to 31.1esr (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-04-03T05:18:32", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0501\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\nthe requirements of Firefox 3.6.4, this erratum also provides a number of\nother updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016745.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016746.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nesc\nfirefox\ngnome-python2-extras\ngnome-python2-gtkhtml2\ngnome-python2-gtkmozembed\ngnome-python2-gtkspell\ngnome-python2-libegg\ntotem\ntotem-devel\ntotem-mozplugin\nxulrunner\nxulrunner-devel\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0501.html", "modified": "2010-06-24T12:14:17", "published": "2010-06-24T12:14:16", "href": "http://lists.centos.org/pipermail/centos-announce/2010-June/016746.html", "id": "CESA-2010:0501", "title": "devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-04-03T05:19:07", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0500\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as\nsuch, contains multiple bug fixes and numerous enhancements. Space\nprecludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016876.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016877.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0500.html", "modified": "2010-08-06T19:15:15", "published": "2010-08-06T19:15:15", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016876.html", "id": "CESA-2010:0500", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:51", "bulletinFamily": "unix", "description": "[3.6.4-8.0.1.el4]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.4-8.el4]\n- Update to 3.6.4 build 7\n- Disable checking for updates since they can't be applied\n[3.6.4-7.el4]\n- Update to 3.6.4 build 6\n[3.6.4-6.el4]\n- Update to 3.6.4 build 5\n[3.6.4-5.el4]\n- Update to 3.6.4 build 4\n[3.6.4-3.el4]\n- Update to 3.6.4 build 3\n[3.6.4-2.el4]\n- Update to 3.6.4 build 2\n[3.6.4-1.el4]\n- Update to 3.6.4\n[3.6.3-2.el4]\n- s390(x) build fix\n[3.6.3-1.el4]\n- Rebase to 3.6.3 ", "modified": "2010-06-23T00:00:00", "published": "2010-06-23T00:00:00", "id": "ELSA-2010-0500", "href": "http://linux.oracle.com/errata/ELSA-2010-0500.html", "title": "firefox security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:58", "bulletinFamily": "unix", "description": "devhelp:\n[0.12-21]\n- Rebuild against xulrunner\nesc:\n[1.1.0-12]\n- Rebuild for xulrunner update\nfirefox:\n[3.6.4-8.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.4-8]\n- Fixing NVR\n[3.6.4-7]\n- Update to 3.6.4 build7\n- Disable checking for updates since they can't be applied\n[3.6.4-6]\n- Update to 3.6.4 build6\n[3.6.4-5]\n- Update to 3.6.4 build5\n[3.6.4-4]\n- Update to 3.6.4 build4\n[3.6.4-3]\n- Update to 3.6.4 build 3\n[3.6.4-2]\n- Update to 3.6.4 build 2\n[3.6.4-1]\n- Update to 3.6.4\n[3.6.3-3]\n- Fixed language packs (#581392)\n[3.6.3-2]\n- Fixed multilib conflict\n[3.6.3-1]\n- Rebase to 3.6.3\ngnome-python2-extras:\n[2.14.2-7]\n- rebuild agains xulrunner\ntotem:\n[2.16.7-7]\n- rebuild against new xulrunner\nxulrunner:\n[1.9.2.4-9.0.1]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.4-9]\n- Update to 1.9.2.4 build 7\n[1.9.2.4-8]\n- Update to 1.9.2.4 build 6\n[1.9.2.4-7]\n- Update to 1.9.2.4 build 5\n[1.9.2.4-6]\n- Update to 1.9.2.4 build 4\n- Fixed mozbz#546270 patch\n[1.9.2.4-5]\n- Update to 1.9.2.4 build 3\n[1.9.2.4-4]\n- Update to 1.9.2.4 build 2\n- Enabled oopp\n[1.9.2.4-3]\n- Disabled libnotify\n[1.9.2.4-2]\n- Disabled oopp, causes TEXTREL\n[1.9.2.4-1]\n- Update to 1.9.2.4\n[1.9.2.3-3]\n- fixed js-config.h multilib conflict\n- fixed file list\n[1.9.2.3-2]\n- Added fix for rhbz#555760 - Firefox Javascript anomily, \n landscape print orientation reverts to portrait (mozbz#546270)\n[1.9.2.3-1]\n- Update to 1.9.2.3\n[1.9.2.2-1]\n- Rebase to 1.9.2.2\nyelp:\n[2.16.0-26]\n- rebuild against xulrunner\n[2.16.0-25]\n- rebuild against xulrunner\n- added xulrunner fix\n- added -fno-strict-aliasing to build flags", "modified": "2010-06-23T00:00:00", "published": "2010-06-23T00:00:00", "id": "ELSA-2010-0501", "href": "http://linux.oracle.com/errata/ELSA-2010-0501.html", "title": "firefox security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "description": "Multiple memory corruptions, integer overflows, array index overflows, information leak.", "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "id": "SECURITYVULNS:VULN:10745", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10745", "title": "\u041c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
