-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11198.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within Firefox's handling of observer OBJECTs.
If an observer OBJECT is removed from the mObserverList during an
iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over
|mObserverList.mNext| and
change the execution flow. This would allow the attacker to execute
arbitrary code under the context of the user running the browser.
-- Vendor Response:
Mozilla has issued an update to correct this vulnerability. More
details can be found at:
-- Disclosure Timeline:
2011-02-17 - Vulnerability reported to vendor
2011-05-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* regenrecht
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
{"id": "SECURITYVULNS:DOC:26340", "bulletinFamily": "software", "title": "ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability", "description": "ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-159\r\n\r\nMay 10, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0066\r\n\r\n-- CVSS:\r\n9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)\r\n\r\n-- Affected Vendors:\r\nMozilla\r\n\r\n-- Affected Products:\r\nMozilla Firefox\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11198. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Mozilla Firefox. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within Firefox's handling of observer OBJECTs.\r\nIf an observer OBJECT is removed from the mObserverList during an\r\niteration of LOOP_OVER_OBSERVERS macro, one can heap spray over\r\n|mObserverList.mNext| and\r\nchange the execution flow. This would allow the attacker to execute\r\narbitrary code under the context of the user running the browser.\r\n\r\n-- Vendor Response:\r\nMozilla has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-13.html\r\n\r\n-- Disclosure Timeline:\r\n2011-02-17 - Vulnerability reported to vendor\r\n2011-05-10 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * regenrecht\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "published": "2011-05-11T00:00:00", "modified": "2011-05-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26340", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2011-0066"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:40", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2018-08-31T11:10:40", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0066"]}, {"type": "zdi", "idList": ["ZDI-11-159"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26238", "SECURITYVULNS:VULN:11633"]}, {"type": "openvas", "idList": ["OPENVAS:850166", "OPENVAS:1361412562310880513", "OPENVAS:1361412562310801883", "OPENVAS:831387", "OPENVAS:840675", "OPENVAS:1361412562310831384", "OPENVAS:880561", "OPENVAS:1361412562310840650", "OPENVAS:1361412562310840652", "OPENVAS:801883"]}, {"type": "nessus", "idList": ["SUSE_11_3_SEAMONKEY-110429.NASL", "SUSE_11_2_MOZILLAFIREFOX-110429.NASL", "SUSE_11_2_SEAMONKEY-110429.NASL", "DEBIAN_DSA-2235.NASL", "MOZILLA_FIREFOX_3617.NASL", "SUSE_11_MOZILLAFIREFOX-110429.NASL", "DEBIAN_DSA-2227.NASL", "CENTOS_RHSA-2011-0471.NASL", "SUSE_11_3_MOZILLA-XULRUNNER191-110429.NASL", "SUSE_11_4_SEAMONKEY-110429.NASL"]}, {"type": "ubuntu", "idList": ["USN-1112-1", "USN-1122-3", "USN-1122-2", "USN-1122-1", "USN-1123-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2228-1:3272E", "DEBIAN:DSA-2227-1:C543D", "DEBIAN:BSA-034:9DF39", "DEBIAN:DSA-2235-1:7DA12"]}, {"type": "redhat", "idList": ["RHSA-2011:0471"]}, {"type": "centos", "idList": ["CESA-2011:0471"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0471"]}, {"type": "suse", "idList": ["SUSE-SA:2011:022"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2018-08-31T11:10:40", "rev": 2}, "vulnersScore": 8.1}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T19:39:02", "description": "Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.", "edition": 5, "cvss3": {}, "published": "2011-05-07T18:55:00", "title": "CVE-2011-0066", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0066"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2011-0066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0066", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-06-22T11:41:02", "bulletinFamily": "info", "cvelist": ["CVE-2011-0066"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| andchange the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.", "modified": "2011-06-22T00:00:00", "published": "2011-05-10T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-159/", "id": "ZDI-11-159", "title": "Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065"], "description": "Mozilla Foundation Security Advisory 2011-13\r\n\r\nTitle: Multiple dangling pointer vulnerabilities\r\nImpact: Critical\r\nAnnounced: April 28, 2011\r\nReporter: regenrecht\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.17\r\n Firefox 3.5.19\r\n SeaMonkey 2.0.14\r\nDescription\r\n\r\nSecurity researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\r\n\r\nFirefox 4 was not affected by these issues.\r\nReferences\r\n\r\n Use-after-free vulnerability in OBJECT's mChannel\r\n CVE-2011-0065\r\n\r\n Use-after-free vulnerability in OBJECT's mObserverList\r\n CVE-2011-0066\r\n\r\n nsTreeRange Dangling Pointer Remote Code Execution Vulnerability\r\n CVE-2011-0073\r\n", "edition": 1, "modified": "2011-05-01T00:00:00", "published": "2011-05-01T00:00:00", "id": "SECURITYVULNS:DOC:26238", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26238", "title": "Mozilla Foundation Security Advisory 2011-13", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution.", "edition": 1, "modified": "2011-05-11T00:00:00", "published": "2011-05-11T00:00:00", "id": "SECURITYVULNS:VULN:11633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11633", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-07-19T22:17:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0067"], "description": "The host is installed with Mozilla Firefox or Seamonkey and is prone to\n multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-05-18T00:00:00", "id": "OPENVAS:1361412562310801883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801883", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities May-11 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities May-11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801883\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0073\");\n script_bugtraq_id(47659, 47662, 47667, 47663);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities May-11 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44357/\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let remote attackers to execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"SeaMonkey versions before 2.0.14.\n Mozilla Firefox versions before 3.5.19 and 3.6.x before 3.6.17.\");\n script_tag(name:\"insight\", value:\"- Multiple use-after-free errors within the handling of the 'mChannel',\n 'mObserverList', and 'nsTreeRange' object attributes can be exploited\n to execute arbitrary code.\n\n - An error when handling Java applets can be exploited to steal entries\n from the form history via the autocomplete controls.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox or Seamonkey and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.5.19 or 3.6.17 or later,\n Upgrade to Seamonkey version 2.0.14 or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.5.19\") ||\n version_in_range(version:ffVer, test_version:\"3.6.0\", test_version2:\"3.6.16\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n if(version_is_less(version:smVer, test_version:\"2.0.14\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0067"], "description": "The host is installed with Mozilla Firefox or Seamonkey and is prone to\n multiple vulnerabilities.", "modified": "2017-08-28T00:00:00", "published": "2011-05-18T00:00:00", "id": "OPENVAS:801883", "href": "http://plugins.openvas.org/nasl.php?oid=801883", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities May-11 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win_may11.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Mozilla Products Multiple Vulnerabilities May-11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Firefox version 3.5.19 or 3.6.17 or later\n http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to Seamonkey version 2.0.14 or later\n http://www.seamonkey-project.org/releases/\";\n\ntag_impact = \"Successful exploitation will let remote attackers to execute arbitrary code.\n Impact Level: Application\";\ntag_affected = \"SeaMonkey versions before 2.0.14.\n Mozilla Firefox versions before 3.5.19 and 3.6.x before 3.6.17.\";\ntag_insight = \"- Multiple use-after-free errors within the handling of the 'mChannel',\n 'mObserverList', and 'nsTreeRange' object attributes can be exploited\n to execute arbitrary code.\n - An error when handling Java applets can be exploited to steal entries\n from the form history via the autocomplete controls.\";\ntag_summary = \"The host is installed with Mozilla Firefox or Seamonkey and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(801883);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0073\");\n script_bugtraq_id(47659,47662,47667,47663);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities May-11 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44357/\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n ## Grep for Firefox version before 3.5.19 and 3.6.x before 3.6.17\n if(version_is_less(version:ffVer, test_version:\"3.5.19\") ||\n version_in_range(version:ffVer, test_version:\"3.6.0\", test_version2:\"3.6.16\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n ## Grep for Seamonkey version 2.0.14\n if(version_is_less(version:smVer, test_version:\"2.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069570", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069570", "type": "openvas", "title": "Debian Security Advisory DSA 2227-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2227_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2227-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69570\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2227-1 (iceape)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202227-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceape packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69573", "href": "http://plugins.openvas.org/nasl.php?oid=69573", "type": "openvas", "title": "Debian Security Advisory DSA 2228-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2228_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2228-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202228-1\";\n\n\nif(description)\n{\n script_id(69573);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2228-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"3.5.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"3.5.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs2d\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs2d-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69570", "href": "http://plugins.openvas.org/nasl.php?oid=69570", "type": "openvas", "title": "Debian Security Advisory DSA 2227-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2227_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2227-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202227-1\";\n\n\nif(description)\n{\n script_id(69570);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2227-1 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.", "modified": "2019-03-18T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:136141256231069731", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069731", "type": "openvas", "title": "Debian Security Advisory DSA 2235-1 (icedove)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2235_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2235-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69731\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2235-1 (icedove)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202235-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069573", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069573", "type": "openvas", "title": "Debian Security Advisory DSA 2228-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2228_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2228-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69573\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2228-1 (iceweasel)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202228-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"3.5.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"3.5.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.", "modified": "2017-07-07T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:69731", "href": "http://plugins.openvas.org/nasl.php?oid=69731", "type": "openvas", "title": "Debian Security Advisory DSA 2235-1 (icedove)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2235_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2235-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202235-1\";\n\n\nif(description)\n{\n script_id(69731);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2235-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Check for the Version of firefox", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881393", "href": "http://plugins.openvas.org/nasl.php?oid=881393", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n \n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n \n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the "rows" and "cols" attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n \n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n \n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n \n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n \n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n \n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n \n A double free flaw was found in the way Firefox handled\n "application/http-index-format" documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n \n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017471.html\");\n script_id(881393);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:41:20 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\",\n \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\",\n \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\",\n \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0471\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1112-1", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840640", "type": "openvas", "title": "Ubuntu Update for firefox USN-1112-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1112_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-1112-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1112-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840640\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1112-1\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1112-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|10\\.10|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1112-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0081)\n\n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n\n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n\n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0077, CVE-2011-0078)\n\n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0072)\n\n It was discovered that there were use-after-free vulnerabilities in\n Firefox's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0065, CVE-2011-0066)\n\n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker serving malicious content could\n exploit this to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0073)\n\n Paul Stone discovered a vulnerability in the handling of Java applets. An\n attacker could use this to mimic interaction with form autocomplete\n controls and steal entries from the form history. (CVE-2011-0067)\n\n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Firefox. (CVE-2011-0071)\n\n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:56:47", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_4_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/76019", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76019);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:11", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_3_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75738);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:40", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_2_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53800);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:32:02", "description": "The installed version of SeaMonkey is earlier than 2.0.14. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n could allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol could allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues could lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)", "edition": 27, "published": "2011-04-29T00:00:00", "title": "SeaMonkey < 2.0.14 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_2014.NASL", "href": "https://www.tenable.com/plugins/nessus/53597", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53597);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47666,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"SeaMonkey < 2.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.0.14. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n could allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol could allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues could lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n # http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?340fe7b3\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.0.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.0.14', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:01:04", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6\n (CVE-2011-0081) The web development team of Alcidion\n reported a crash that affected Firefox 4, Firefox 3.6\n and Firefox 3.5. (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)", "edition": 23, "published": "2011-05-05T00:00:00", "title": "SuSE 11.1 Security Update : Mozilla-XULrunner (SAT Patch Number 4461)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "id": "SUSE_11_MOZILLA-XULRUNNER191-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53648", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53648);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla-XULrunner (SAT Patch Number 4461)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6\n (CVE-2011-0081) The web development team of Alcidion\n reported a crash that affected Firefox 4, Firefox 3.6\n and Firefox 3.5. (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4461.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:32:48", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER191-7492.NASL", "href": "https://www.tenable.com/plugins/nessus/57228", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57228);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7492.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:49:20", "description": "The installed version of Firefox is earlier than 3.5.19. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory\n traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)", "edition": 27, "published": "2011-04-29T00:00:00", "title": "Firefox < 3.5.19 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3519.NASL", "href": "https://www.tenable.com/plugins/nessus/53593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53593);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47666,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"17612\");\n script_xref(name:\"EDB-ID\", value:\"17650\");\n script_xref(name:\"EDB-ID\", value:\"17672\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"Firefox < 3.5.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.5.19. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory\n traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82f2fc1c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.5.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.5.19', min:'3.5', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:32:48", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)", "edition": 23, "published": "2011-05-05T00:00:00", "title": "SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER191-7493.NASL", "href": "https://www.tenable.com/plugins/nessus/53650", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53650);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7493.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:56", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel", "p-cpe:/a:novell:opensuse:python-xpcom191", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common"], "id": "SUSE_11_3_MOZILLA-XULRUNNER191-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner191-4456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75675);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)\");\n script_summary(english:\"Check for the mozilla-xulrunner191-4456 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner191 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-devel-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"python-xpcom191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner191\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:27", "description": "Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.", "edition": 17, "published": "2011-05-02T00:00:00", "title": "Debian DSA-2227-1 : iceape - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:iceape"], "id": "DEBIAN_DSA-2227.NASL", "href": "https://www.tenable.com/plugins/nessus/53602", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2227. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53602);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2227\");\n\n script_name(english:\"Debian DSA-2227-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceape\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceape\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-browser\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-chatzilla\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dbg\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dev\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-mailnews\", reference:\"2.0.11-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:19:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Mike Hommey uploaded new packages for iceweasel which fixed the\nfollowing security problems:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-7~bpo50+1.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository\nto 200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2011-05-12T10:01:56", "published": "2011-05-12T10:01:56", "id": "DEBIAN:BSA-034:9DF39", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201105/msg00000.html", "title": "[BSA-034] Security Update for iceweasel", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2227-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 \n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 \n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n \nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2011-04-30T15:09:09", "published": "2011-04-30T15:09:09", "id": "DEBIAN:DSA-2227-1:C543D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00096.html", "title": "[SECURITY] [DSA 2227-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2228-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 01, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in Iceweasel, a web browser \nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-01T16:51:09", "published": "2011-05-01T16:51:09", "id": "DEBIAN:DSA-2228-1:3272E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00097.html", "title": "[SECURITY] [DSA 2228-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-10T20:15:08", "published": "2011-05-10T20:15:08", "id": "DEBIAN:DSA-2235-1:7DA12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00104.html", "title": "[SECURITY] [DSA 2235-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0471\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029498.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029499.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029508.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029509.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n", "edition": 3, "modified": "2011-04-29T21:10:44", "published": "2011-04-29T15:48:25", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029498.html", "id": "CESA-2011:0471", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0471", "href": "https://access.redhat.com/errata/RHSA-2011:0471", "type": "redhat", "title": "(RHSA-2011:0471) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-1", "href": "https://ubuntu.com/security/notices/USN-1122-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A \nregression was introduced which caused Thunderbird to display an empty menu \nbar. This update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-06-06T00:00:00", "published": "2011-06-06T00:00:00", "id": "USN-1122-3", "href": "https://ubuntu.com/security/notices/USN-1122-3", "title": "Thunderbird regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. \nThis update provides the corresponding fixes for Natty.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-2", "href": "https://ubuntu.com/security/notices/USN-1122-2", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:42:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript \nrequests. An attacker could exploit this to possibly run arbitrary code as \nthe user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nFirefox's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker serving malicious content could \nexploit this to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. An \nattacker could use this to mimic interaction with form autocomplete \ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "USN-1112-1", "href": "https://ubuntu.com/security/notices/USN-1112-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2010-3778", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0053", "CVE-2011-0066", "CVE-2011-0056", "CVE-2010-3776", "CVE-2011-0065", "CVE-2011-0062", "CVE-2011-0075", "CVE-2011-0074", "CVE-2010-1585", "CVE-2011-0051", "CVE-2011-0057", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0059", "CVE-2011-0054", "CVE-2011-0058", "CVE-2011-0067", "CVE-2011-0055", "CVE-2011-0072"], "description": "A large number of security issues were discovered in the Gecko rendering \nengine. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.", "edition": 5, "modified": "2011-04-30T00:00:00", "published": "2011-04-30T00:00:00", "id": "USN-1123-1", "href": "https://ubuntu.com/security/notices/USN-1123-1", "title": "Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "firefox:\n[3.6.17-1.0.1.el6_0]\n- Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js\n[3.6.17-1]\n- Update to 3.6.17\nxulrunner:\n[1.9.2.17-4.0.1.el6_0]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.17-4]\n- Rebuild\n[1.9.2.17-3]\n- Update to 1.9.2.17", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0471", "href": "http://linux.oracle.com/errata/ELSA-2011-0471.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "The Mozilla suite of browsers received security updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-05-05T17:46:39", "published": "2011-05-05T17:46:39", "id": "SUSE-SA:2011:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00001.html", "title": "remote code execution, remote denial of service in MozillaFirefox,seamonkey,MozillaThunderbird", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
