ID SECURITYVULNS:DOC:27075 Type securityvulns Reporter Securityvulns Modified 2011-10-01T00:00:00
Description
Mozilla Foundation Security Advisory 2011-39
Title: Defense against multiple Location headers due to CRLF Injection
Impact: Moderate
Announced: September 27, 2011
Reporter: Ian Graham
Products: Firefox, Thunderbird, SeaMonkey
Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability.
The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition.
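The rule described above, as an added example (not Mozilla's code): a Python check that parses a raw response head, rejects conflicting copies of Location, Content-Length or Content-Disposition, and shows which value a first-wins and a last-wins client would have used. The sample responses, host names and function names are constructed for illustration.

```python
"""Added example: reject conflicting copies of redirect and framing headers."""

# Headers the advisory names: two copies with different values are an error.
GUARDED_HEADERS = ("location", "content-length", "content-disposition")


class ConflictingHeaderError(ValueError):
    """A guarded header appeared more than once with different values."""


def parse_header_fields(raw):
    """Return [(lower-cased name, stripped value), ...] from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields = []
    for line in head.split("\r\n")[1:]:  # element 0 is the status line
        name, sep, value = line.partition(":")
        if sep:  # lines without a colon are skipped in this sketch
            fields.append((name.strip().lower(), value.strip()))
    return fields


def pick(fields, name, policy):
    """Value a lenient client would use; policy is 'first' or 'last'."""
    values = [v for n, v in fields if n == name.lower()]
    if not values:
        return None
    return values[0] if policy == "first" else values[-1]


def strict_headers(raw):
    """Parse headers, raising if a guarded header has conflicting copies.

    Identical duplicates of a guarded header collapse to one value; all
    other headers keep every value in order of appearance.
    """
    result = {}
    for name, value in parse_header_fields(raw):
        seen = result.setdefault(name, [])
        if name in GUARDED_HEADERS and seen:
            if seen[0] != value:
                raise ConflictingHeaderError(
                    "%s: %r conflicts with %r" % (name, seen[0], value))
            continue  # same value repeated: harmless, keep one copy
        seen.append(value)
    return result


# Constructed sample responses (hosts are placeholders, not from the advisory).
CONFLICTING_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://app.example/home\r\n"
    b"Location: https://other.example/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
REPEATED_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://app.example/home\r\n"
    b"Location: https://app.example/home\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    fields = parse_header_fields(CONFLICTING_REDIRECT)
    # The two lenient policies disagree on where the redirect goes.
    print("first-wins client:", pick(fields, "Location", "first"))
    print("last-wins client: ", pick(fields, "Location", "last"))
    try:
        strict_headers(CONFLICTING_REDIRECT)
    except ConflictingHeaderError as exc:
        print("strict client:     error,", exc)
    print("identical copies: ", strict_headers(REPEATED_REDIRECT))
```

The same check is useful in a proxy or log pipeline: a response that trips it is worth investigating on the server side, since the advisory notes that differing copies can be a symptom of CRLF injection.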
{"id": "SECURITYVULNS:DOC:27075", "bulletinFamily": "software", "title": "Mozilla Foundation Security Advisory 2011-39", "description": "Mozilla Foundation Security Advisory 2011-39\r\n\r\nTitle: Defense against multiple Location headers due to CRLF Injection\r\nImpact: Moderate\r\nAnnounced: September 27, 2011\r\nReporter: Ian Graham\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 7.0\r\n Firefox 3.6.23\r\n Thunderbird 7.0\r\n SeaMonkey 2.4\r\nDescription\r\n\r\nIan Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability.\r\n\r\nThe Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. 
The same has been done with the headers Content-Length and Content-Disposition\r\n\r\nReferences\r\n\r\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=655389\r\nCVE-2011-3000", "published": "2011-10-01T00:00:00", "modified": "2011-10-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27075", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2011-3000"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 3, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3000"]}, {"type": "openvas", "idList": ["OPENVAS:881410", "OPENVAS:1361412562310870657", "OPENVAS:1361412562310840754", "OPENVAS:802169", "OPENVAS:1361412562310802180", "OPENVAS:1361412562310122081", "OPENVAS:881014", "OPENVAS:70401", "OPENVAS:802180", "OPENVAS:1361412562310802169"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2011-1342.NASL", "SUSE_11_3_MOZILLAFIREFOX-110928.NASL", "SL_20110928_FIREFOX_ON_SL4_X.NASL", "CENTOS_RHSA-2011-1341.NASL", "DEBIAN_DSA-2312.NASL", "SUSE_11_MOZILLAFIREFOX-111004.NASL", "SUSE_MOZILLAFIREFOX-7784.NASL", "REDHAT-RHSA-2011-1341.NASL", "SL_20110928_THUNDERBIRD_ON_SL6_X.NASL", "SUSE_11_4_MOZILLA-JS192-110928.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1079-1", "OPENSUSE-SU-2011:1076-1", "SUSE-SU-2011:1256-1", "OPENSUSE-SU-2011:1077-1", "SUSE-SU-2011:1096-1", "OPENSUSE-SU-2011:1076-2"]}, {"type": "redhat", "idList": ["RHSA-2011:1341", "RHSA-2011:1342"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1341", "ELSA-2011-1342"]}, {"type": "centos", "idList": ["CESA-2011:1341"]}, {"type": "debian", "idList": ["DEBIAN:BSA-048:B326D", "DEBIAN:DSA-2317-1:67E15", "DEBIAN:DSA-2313-1:C48B7", "DEBIAN:DSA-2312-1:AAD88"]}, {"type": "ubuntu", "idList": ["USN-1213-1", "USN-1210-1", "USN-1222-2", 
"USN-1222-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11929"]}, {"type": "freebsd", "idList": ["1FADE8A3-E9E8-11E0-9580-4061862B8C22"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 7.3}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T19:39:09", "description": "Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.", "edition": 5, "cvss3": {}, "published": "2011-09-29T00:55:00", "title": "CVE-2011-3000", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3000"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", 
"cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:seamonkey:2.0.14", 
"cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.0a1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:thunderbird:0.5", 
"cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2011-3000", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3000", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-07-19T22:17:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000"], "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-10-04T00:00:00", "id": "OPENVAS:1361412562310802169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802169", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802169\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-3000\");\n script_bugtraq_id(49811, 49810, 49849);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46171/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\",\n \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to bypass intended access\n restrictions via a crafted web site and cause a denial of service\n (memory corruption and 
application crash) or possibly execute arbitrary\n code via unknown vectors.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 3.6.23 and 4.x through 6\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A malicious application or extension could be downloaded and executed if a\n user is convinced into holding down the 'Enter' key via e.g. a malicious\n game.\n\n - Some unspecified errors can be exploited to corrupt memory.\n\n - Error while handling HTTP responses that contain multiple Location,\n Content-Length, or Content-Disposition headers, which allows remote\n attackers to conduct HTTP response splitting attacks via crafted header\n values.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 3.6.23 or 7 later, Upgrade to SeaMonkey version to 2.4 or later,\n Upgrade to Thunderbird version to 7.0 or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.6.23\") ||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"6.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != 
NULL)\n{\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000"], "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.", "modified": "2017-08-31T00:00:00", "published": "2011-10-14T00:00:00", "id": "OPENVAS:802180", "href": "http://plugins.openvas.org/nasl.php?oid=802180", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_macosx_oct11.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 3.6.23 or 7 later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.4 or later\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 7.0 or later\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let attackers to bypass intended access\n restrictions via a crafted web site and cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary\n code via unknown vectors.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 3.6.23 and 4.x through 6\";\ntag_insight = \"The flaws are due to\n - A malicious application or extension could be downloaded and executed if a\n user is convinced into holding down the 'Enter' key via e.g. 
a malicious\n game.\n - Some unspecified errors can be exploited to corrupt memory.\n - Error while handling HTTP responses that contain multiple Location,\n Content-Length, or Content-Disposition headers, which allows remote\n attackers to conduct HTTP response splitting attacks via crafted header\n values.\";\ntag_summary = \"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802180);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-3000\");\n script_bugtraq_id(49811, 49810, 49849);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46171/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"3.6.23\")||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"6.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"ThunderBird/MacOSX/Version\");\nif(tbVer != NULL)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000"], "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.", "modified": "2017-08-29T00:00:00", "published": "2011-10-04T00:00:00", "id": "OPENVAS:802169", "href": "http://plugins.openvas.org/nasl.php?oid=802169", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win_oct11.nasl 7019 2017-08-29 11:51:27Z teissa $\n#\n# Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 3.6.23 or 7 later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.4 or later\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 7.0 or later\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let attackers to bypass intended access\n restrictions via a crafted web site and cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary\n code via unknown vectors.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 3.6.23 and 4.x through 6\";\ntag_insight = \"The flaws are due to\n - A malicious application or extension could be downloaded and executed if a\n user is convinced into holding down the 'Enter' key via e.g. 
a malicious\n game.\n - Some unspecified errors can be exploited to corrupt memory.\n - Error while handling HTTP responses that contain multiple Location,\n Content-Length, or Content-Disposition headers, which allows remote\n attackers to conduct HTTP response splitting attacks via crafted header\n values.\";\ntag_summary = \"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802169);\n script_version(\"$Revision: 7019 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-29 13:51:27 +0200 (Tue, 29 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-3000\");\n script_bugtraq_id(49811, 49810, 49849);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46171/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\",\n \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"3.6.23\") ||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"6.0\")){\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-19T22:16:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000"], "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-10-14T00:00:00", "id": "OPENVAS:1361412562310802180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802180", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802180\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-3000\");\n script_bugtraq_id(49811, 49810, 49849);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46171/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name:\"impact\", 
value:\"Successful exploitation will let attackers to bypass intended access\n restrictions via a crafted web site and cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary\n code via unknown vectors.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 3.6.23 and 4.x through 6\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A malicious application or extension could be downloaded and executed if a\n user is convinced into holding down the 'Enter' key via e.g. a malicious\n game.\n\n - Some unspecified errors can be exploited to corrupt memory.\n\n - Error while handling HTTP responses that contain multiple Location,\n Content-Length, or Content-Disposition headers, which allows remote\n attackers to conduct HTTP response splitting attacks via crafted header\n values.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 3.6.23 or 7 later, Upgrade to SeaMonkey version to 2.4 or later,\n Upgrade to Thunderbird version to 7.0 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.6.23\")||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"6.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = 
get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/MacOSX/Version\");\nif(tbVer != NULL)\n{\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1213-1", "modified": "2017-12-01T00:00:00", "published": "2011-09-30T00:00:00", "id": "OPENVAS:840754", "href": "http://plugins.openvas.org/nasl.php?oid=840754", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1213-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1213_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for thunderbird USN-1213-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered\n multiple memory vulnerabilities in the Gecko rendering engine. An\n attacker could use these to possibly execute arbitrary code with the\n privileges of the user invoking Thunderbird. (CVE-2011-2995, CVE-2011-2996)\n\n Boris Zbarsky discovered that a frame named 'location' could shadow the\n window.location object unless a script in a page grabbed a reference to the\n true object before the frame was created. This is in violation of the Same\n Origin Policy. A malicious E-Mail could possibly use this to access the\n local file system. (CVE-2011-2999)\n \n Mark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript\n engine. An attacker could potentially use this to crash Thunderbird.\n \n Ian Graham discovered that when multiple Location headers were present,\n Thunderbird would use the second one resulting in a possible CRLF injection\n attack. CRLF injection issues can result in a wide variety of attacks, such\n as XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and\n cookie theft. (CVE-2011-3000)\n \n Mariusz Mlynski discovered that if the user could be convinced to hold down\n the enter key, a malicious website or E-Mail could potential pop up a\n download dialog and the default open action would be selected. This would\n result in potentially malicious content being run with privileges of the\n user invoking Thunderbird. 
(CVE-2011-2372)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1213-1\";\ntag_affected = \"thunderbird on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1213-1/\");\n script_id(840754);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1213-1\");\n script_cve_id(\"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\", \"CVE-2011-2372\");\n script_name(\"Ubuntu Update for thunderbird USN-1213-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1213-1", "modified": "2019-03-13T00:00:00", "published": "2011-09-30T00:00:00", "id": "OPENVAS:1361412562310840754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840754", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1213-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1213_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-1213-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1213-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840754\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1213-1\");\n script_cve_id(\"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\", \"CVE-2011-2372\");\n script_name(\"Ubuntu Update for thunderbird USN-1213-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1213-1\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered\n multiple memory vulnerabilities in the Gecko rendering engine. 
An\n attacker could use these to possibly execute arbitrary code with the\n privileges of the user invoking Thunderbird. (CVE-2011-2995, CVE-2011-2996)\n\n Boris Zbarsky discovered that a frame named 'location' could shadow the\n window.location object unless a script in a page grabbed a reference to the\n true object before the frame was created. This is in violation of the Same\n Origin Policy. A malicious E-Mail could possibly use this to access the\n local file system. (CVE-2011-2999)\n\n Mark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript\n engine. An attacker could potentially use this to crash Thunderbird.\n\n Ian Graham discovered that when multiple Location headers were present,\n Thunderbird would use the second one resulting in a possible CRLF injection\n attack. CRLF injection issues can result in a wide variety of attacks, such\n as XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and\n cookie theft. (CVE-2011-3000)\n\n Mariusz Mlynski discovered that if the user could be convinced to hold down\n the enter key, a malicious website or E-Mail could potential pop up a\n download dialog and the default open action would be selected. This would\n result in potentially malicious content being run with privileges of the\n user invoking Thunderbird. 
(CVE-2011-2372)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.15+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870657", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2011:1342-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2011:1342-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00046.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870657\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:44:09 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\",\n \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1342-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2011:1342-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", 
value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed HTML content. An\n HTML mail message containing malicious content could cause Thunderbird to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2011-2995)\n\n A flaw was found in the way Thunderbird processed the 'Enter' keypress\n event. A malicious HTML mail message could present a download dialog while\n the key is pressed, activating the default 'Open' action. A remote attacker\n could exploit this vulnerability by causing the mail client to open\n malicious web content. (CVE-2011-2372)\n\n A flaw was found in the way Thunderbird handled Location headers in\n redirect responses. Two copies of this header with different values could\n be a symptom of a CRLF injection attack against a vulnerable server.\n Thunderbird now treats two copies of the Location, Content-Length, or\n Content-Disposition header as an error condition. (CVE-2011-3000)\n\n A flaw was found in the way Thunderbird handled frame objects with certain\n names. An attacker could use this flaw to cause a plug-in to grant its\n content access to another site or the local file system, violating the\n same-origin policy. (CVE-2011-2999)\n\n An integer underflow flaw was found in the way Thunderbird handled large\n JavaScript regular expressions. An HTML mail message containing malicious\n JavaScript could cause Thunderbird to access already freed memory, causing\n Thunderbird to crash or, potentially, execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2011-2998)\n\n All Thunderbird users should upgrade to this updated package, which\n resolves these issues. 
All running instances of Thunderbird must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.15~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~3.1.15~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "Oracle Linux Local Security Checks ELSA-2011-1342", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122080", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1342.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122080\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1342\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1342 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1342\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1342.html\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.15~1.0.1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-09-30T00:00:00", "id": "OPENVAS:1361412562310870494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870494", "type": "openvas", "title": "RedHat Update for firefox RHSA-2011:1341-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2011:1341-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00045.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870494\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1341-01\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_name(\"RedHat Update for firefox RHSA-2011:1341-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2995)\n\n A flaw was found in the way Firefox processed the 'Enter' keypress event. A\n malicious web page could present a download dialog while the key is\n pressed, activating the default 'Open' action. A remote attacker could\n exploit this vulnerability by causing the browser to open malicious web\n content. (CVE-2011-2372)\n\n A flaw was found in the way Firefox handled Location headers in redirect\n responses. Two copies of this header with different values could be a\n symptom of a CRLF injection attack against a vulnerable server. Firefox now\n treats two copies of the Location, Content-Length, or Content-Disposition\n header as an error condition. (CVE-2011-3000)\n\n A flaw was found in the way Firefox handled frame objects with certain\n names. An attacker could use this flaw to cause a plug-in to grant its\n content access to another site or the local file system, violating the\n same-origin policy. (CVE-2011-2999)\n\n An integer underflow flaw was found in the way Firefox handled large\n JavaScript regular expressions. A web page containing malicious JavaScript\n could cause Firefox to access already freed memory, causing Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2011-2998)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.23. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.23, which corrects these issues. 
After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.23~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.23~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.23~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.23~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.23~1.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.23~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.23~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": 
"2011-09-30T00:00:00", "id": "OPENVAS:881014", "href": "http://plugins.openvas.org/nasl.php?oid=881014", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:1341 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:1341 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-2995)\n \n A flaw was found in the way Firefox processed the "Enter" keypress event. A\n malicious web page could present a download dialog while the key is\n pressed, activating the default "Open" action. A remote attacker could\n exploit this vulnerability by causing the browser to open malicious web\n content. 
(CVE-2011-2372)\n \n A flaw was found in the way Firefox handled Location headers in redirect\n responses. Two copies of this header with different values could be a\n symptom of a CRLF injection attack against a vulnerable server. Firefox now\n treats two copies of the Location, Content-Length, or Content-Disposition\n header as an error condition. (CVE-2011-3000)\n \n A flaw was found in the way Firefox handled frame objects with certain\n names. An attacker could use this flaw to cause a plug-in to grant its\n content access to another site or the local file system, violating the\n same-origin policy. (CVE-2011-2999)\n \n An integer underflow flaw was found in the way Firefox handled large\n JavaScript regular expressions. A web page containing malicious JavaScript\n could cause Firefox to access already freed memory, causing Firefox to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Firefox. (CVE-2011-2998)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.23. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.23, which corrects these issues. 
After installing the\n update, Firefox must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/018085.html\");\n script_id(881014);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1341\");\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_name(\"CentOS Update for firefox CESA-2011:1341 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.23~1.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "[3.1.15-1.0.1.el6_1]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.15-1]\n- Update to 3.1.15", "edition": 4, "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "ELSA-2011-1342", "href": "http://linux.oracle.com/errata/ELSA-2011-1342.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "firefox:\n[3.6.23-2.0.1.el6_1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n[3.6.23-2]\n- Update to 3.6.23\nxulrunner:\n[1.9.2.23-1.0.1.el6_1.1]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.23-1.1]\n- Rebuild.\n[1.9.2.23-1]\n- Update to 1.9.2.23", "edition": 4, "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "ELSA-2011-1341", "href": "http://linux.oracle.com/errata/ELSA-2011-1341.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:28:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2317-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 05, 2011 http://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 \n CVE-2011-3000 \n\nCVE-2011-2372\n\n Mariusz Mlynski discovered that websites could open a download\n dialog - which has "open" as the default action -, while a user\n presses the ENTER key.\n\nCVE-2011-2995\n\n Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.\n\nCVE-2011-2998\n\n Mark Kaplan discovered an integer underflow in the javascript\n engine, which could lead to the execution of arbitrary code.\n\nCVE-2011-2999\n\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.\n\nCVE-2011-3000\n\n Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-10-05T20:36:17", "published": "2011-10-05T20:36:17", "id": "DEBIAN:DSA-2317-1:67E15", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00194.html", "title": "[SECURITY] [DSA 2317-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:17:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2313-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 29, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 \n CVE-2011-3000 \n\nSeveral vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:\n\nCVE-2011-2372\n\n Mariusz Mlynski discovered that websites could open a download\n dialog - which has "open" as the default action -, while a user\n presses the ENTER key.\n\nCVE-2011-2995\n\n Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.\n\nCVE-2011-2998\n\n Mark Kaplan discovered an integer underflow in the javascript\n engine, which could lead to the execution of arbitrary code.\n\nCVE-2011-2999\n\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.\n\nCVE-2011-3000\n\n Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-14 of the xulrunner source package. 
This update also\nmarks the compromised DigiNotar root certs as revoked rather than\nuntrusted.\n\nFor the stable distribution (squeeze), this problem has been fixed\nin version 3.5.16-10. This update also marks the compromised DigiNotar\nroot certs as revoked rather than untrusted.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-09-29T20:48:08", "published": "2011-09-29T20:48:08", "id": "DEBIAN:DSA-2313-1:C48B7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00190.html", "title": "[SECURITY] [DSA 2313-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2312-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 29, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 \n CVE-2011-3000 \n\nSeveral vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey:\n\nCVE-2011-2372\n\n Mariusz Mlynski discovered that websites could open a download\n dialog - which has "open" as the default action -, while a user\n presses the ENTER 
key.\n\nCVE-2011-2995\n\n Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.\n\nCVE-2011-2998\n\n Mark Kaplan discovered an integer underflow in the javascript\n engine, which could lead to the execution of arbitrary code.\n\nCVE-2011-2999\n\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.\n\nCVE-2011-3000\n\n Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-8. This update also marks the compromised DigiNotar\nroot certs as revoked rather than untrusted.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-8.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2011-09-29T16:30:08", "published": "2011-09-29T16:30:08", "id": "DEBIAN:DSA-2312-1:AAD88", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00189.html", "title": "[SECURITY] [DSA 2312-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:11:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "I uploaded new packages for iceweasel which fixed the following\nsecurity problems:\n\nCVE-2011-2372\n\n Mariusz Mlynski discovered that websites could open a download\n dialog - which has "open" 
as the default action -, while a user\n presses the ENTER key.\n\nCVE-2011-2995\n\n Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.\n\nCVE-2011-2998\n\n Mark Kaplan discovered an integer underflow in the javascript\n engine, which could lead to the execution of arbitrary code.\n\nCVE-2011-2999\n\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.\n\nCVE-2011-3000\n\n Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-14 of the xulrunner source package. This update also\nmarks the compromised DigiNotar root certs as revoked rather than\nuntrusted.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-10~bpo50+1.\n\nFor the stable distribution (squeeze), this problem has been fixed\nin version 3.5.16-10. 
This update also marks the compromised DigiNotar\nroot certs as revoked rather than untrusted.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend pinning (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2011-10-03T09:41:06", "published": "2011-10-03T09:41:06", "id": "DEBIAN:BSA-048:B326D", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201110/msg00001.html", "title": "[BSA-048] Security Update for Iceweasel", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:36:26", "description": "Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered\nmultiple memory vulnerabilities in the Gecko rendering engine. An\nattacker could use these to possibly execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2011-2995,\nCVE-2011-2996)\n\nBoris Zbarsky discovered that a frame named 'location' could shadow\nthe window.location object unless a script in a page grabbed a\nreference to the true object before the frame was created. This is in\nviolation of the Same Origin Policy. A malicious E-Mail could possibly\nuse this to access the local file system. (CVE-2011-2999)\n\nMark Kaplan discovered an integer underflow in the SpiderMonkey\nJavaScript engine. 
An attacker could potentially use this to crash\nThunderbird.\n\nIan Graham discovered that when multiple Location headers were\npresent, Thunderbird would use the second one resulting in a possible\nCRLF injection attack. CRLF injection issues can result in a wide\nvariety of attacks, such as XSS (Cross-Site Scripting)\nvulnerabilities, browser cache poisoning, and cookie theft.\n(CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold\ndown the enter key, a malicious website or E-Mail could potentially pop\nup a download dialog and the default open action would be selected.\nThis would result in potentially malicious content being run with\nprivileges of the user invoking Thunderbird. (CVE-2011-2372).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-09-29T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1213-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1213-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1213-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56331);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_xref(name:\"USN\", value:\"1213-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1213-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered\nmultiple memory vulnerabilities in the Gecko rendering engine. An\nattacker could use these to possibly execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2011-2995,\nCVE-2011-2996)\n\nBoris Zbarsky discovered that a frame named 'location' could shadow\nthe window.location object unless a script in a page grabbed a\nreference to the true object before the frame was created. This is in\nviolation of the Same Origin Policy. A malicious E-Mail could possibly\nuse this to access the local file system. (CVE-2011-2999)\n\nMark Kaplan discovered an integer underflow in the SpiderMonkey\nJavaScript engine. An attacker could potentially use this to crash\nThunderbird.\n\nIan Graham discovered that when multiple Location headers were\npresent, Thunderbird would use the second one resulting in a possible\nCRLF injection attack. 
CRLF injection issues can result in a wide\nvariety of attacks, such as XSS (Cross-Site Scripting)\nvulnerabilities, browser cache poisoning, and cookie theft.\n(CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold\ndown the enter key, a malicious website or E-Mail could potential pop\nup a download dialog and the default open action would be selected.\nThis would result in potentially malicious content being run with\nprivileges of the user invoking Thunderbird. (CVE-2011-2372).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1213-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. 
/ NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.15+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.15+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"3.1.15+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:56:40", "description": "Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs\nand security issues.\n\nMFSA 2011-36: Mozilla developers identified and fixed several 
memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but\nare potentially a risk in browser or browser-like contexts in those\nproducts.\n\nBenjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory\nsafety problems that affected Firefox 3.6 and Firefox 6.\n(CVE-2011-2995)\n\nJosh Aas reported a potential crash in the plugin API that affected\nFirefox 3.6 only. (CVE-2011-2996)\n\nMFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due\nto integer underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this\nproblem. (no CVE yet)\n\nMFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame\nnamed 'location' could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the\nframe was created. Because some plugins use the value of\nwindow.location to determine the page origin this could fool the\nplugin into granting the plugin content access to another site or the\nlocal file system in violation of the Same Origin Policy. This flaw\nallows circumvention of the fix added for MFSA 2010-10.\n(CVE-2011-2999)\n\nMFSA 2011-39: Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response Mozilla behavior\ndiffered from other browsers: Mozilla would use the second Location\nheader while Chrome and Internet Explorer would use the first. Two\ncopies of this header with different values could be a symptom of a\nCRLF injection attack against a vulnerable server. 
Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely\nto be the malicious one. It is possible, however, that the first copy\nwas the injected one depending on the nature of the server\nvulnerability.\n\nThe Mozilla browser engine has been changed to treat two copies of\nthis header with different values as an error condition. The same has\nbeen done with the headers Content-Length and Content-Disposition.\n(CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you\ncould convince a user to hold down the Enter key--as part of a game or\ntest, perhaps--a malicious page could pop up a download dialog where\nthe held key would then activate the default Open action. For some\nfile types this would be merely annoying (the equivalent of a pop-up)\nbut other file types have powerful scripting capabilities. And this\nwould provide an avenue for an attacker to exploit a vulnerability in\napplications not normally exposed to potentially hostile internet\ncontent.\n\nHolding enter allows arbitrary code execution due to Download Manager\n(CVE-2011-2372)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "cpe:/o:novell:opensuse:11.4", 
"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_4_MOZILLA-JS192-110928.NASL", "href": "https://www.tenable.com/plugins/nessus/75960", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-js192-5206.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75960);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n\n script_name(english:\"openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)\");\n script_summary(english:\"Check for the mozilla-js192-5206 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs\nand security issues.\n\nMFSA 2011-36: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but\nare potentially a risk in browser or browser-like contexts in those\nproducts.\n\nBenjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory\nsafety problems that affected Firefox 3.6 and Firefox 6.\n(CVE-2011-2995)\n\nJosh Aas reported a potential crash in the plugin API that affected\nFirefox 3.6 only. (CVE-2011-2996)\n\nMFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due\nto integer underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this\nproblem. (no CVE yet)\n\nMFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame\nnamed 'location' could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the\nframe was created. Because some plugins use the value of\nwindow.location to determine the page origin this could fool the\nplugin into granting the plugin content access to another site or the\nlocal file system in violation of the Same Origin Policy. This flaw\nallows circumvention of the fix added for MFSA 2010-10.\n(CVE-2011-2999)\n\nMFSA 2011-39: Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response Mozilla behavior\ndiffered from other browsers: Mozilla would use the second Location\nheader while Chrome and Internet Explorer would use the first. Two\ncopies of this header with different values could be a symptom of a\nCRLF injection attack against a vulnerable server. 
Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely\nto be the malicious one. It is possible, however, that the first copy\nwas the injected one depending on the nature of the server\nvulnerability.\n\nThe Mozilla browser engine has been changed to treat two copies of\nthis header with different values as an error condition. The same has\nbeen done with the headers Content-Length and Content-Disposition.\n(CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you\ncould convince a user to hold down the Enter key--as part of a game or\ntest, perhaps--a malicious page could pop up a download dialog where\nthe held key would then activate the default Open action. For some\nfile types this would be merely annoying (the equivalent of a pop-up)\nbut other file types have powerful scripting capabilities. And this\nwould provide an avenue for an attacker to exploit a vulnerability in\napplications not normally exposed to potentially hostile internet\ncontent.\n\nHolding enter allows arbitrary code execution due to Download Manager\n(CVE-2011-2372)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-js192 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-debuginfo-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"mozilla-xulrunner192-devel-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner192\");\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:54:37", "description": "Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\nMFSA 2011-36: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled,, but\nare potentially a risk in browser or browser-like contexts in those\nproducts.\n\nBenjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory\nsafety problems that affected Firefox 3.6 and Firefox 6.\n(CVE-2011-2995)\n\nJosh Aas reported a potential crash in the plugin API that affected\nFirefox 3.6 only. (CVE-2011-2996)\n\nMFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due\nto integer underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this\nproblem. (no CVE yet)\n\nMFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame\nnamed 'location' could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the\nframe was created. Because some plugins use the value of\nwindow.location to determine the page origin this could fool the\nplugin into granting the plugin content access to another site or the\nlocal file system in violation of the Same Origin Policy. 
This flaw\nallows circumvention of the fix added for MFSA 2010-10.\n(CVE-2011-2999)\n\nMFSA 2011-39: Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response Mozilla behavior\ndiffered from other browsers: Mozilla would use the second Location\nheader while Chrome and Internet Explorer would use the first. Two\ncopies of this header with different values could be a symptom of a\nCRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely\nto be the malicious one. It is possible, however, that the first copy\nwas the injected one depending on the nature of the server\nvulnerability.\n\nThe Mozilla browser engine has been changed to treat two copies of\nthis header with different values as an error condition. The same has\nbeen done with the headers Content-Length and Content-Disposition.\n(CVE-2011-3000)\n\nMFSA 2011-40: Mariusz Mlynski reported that if you could convince a\nuser to hold down the Enter key--as part of a game or test, perhaps--a\nmalicious page could pop up a download dialog where the held key would\nthen activate the default Open action. For some file types this would\nbe merely annoying (the equivalent of a pop-up) but other file types\nhave powerful scripting capabilities. 
And this would provide an avenue\nfor an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\n\nHolding enter allows arbitrary code execution due to Download Manager\n(CVE-2011-2372)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1079-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_3_MOZILLAFIREFOX-110928.NASL", "href": "https://www.tenable.com/plugins/nessus/75656", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5203.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75656);\n 
script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1079-1)\");\n script_summary(english:\"Check for the MozillaFirefox-5203 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\nMFSA 2011-36: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but\nare potentially a risk in browser or browser-like contexts in those\nproducts.\n\nBenjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory\nsafety problems that affected Firefox 3.6 and Firefox 6.\n(CVE-2011-2995)\n\nJosh Aas reported a potential crash in the plugin API that affected\nFirefox 3.6 only. (CVE-2011-2996)\n\nMFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due\nto integer underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this\nproblem. (no CVE yet)\n\nMFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame\nnamed 'location' could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the\nframe was created. 
Because some plugins use the value of\nwindow.location to determine the page origin this could fool the\nplugin into granting the plugin content access to another site or the\nlocal file system in violation of the Same Origin Policy. This flaw\nallows circumvention of the fix added for MFSA 2010-10.\n(CVE-2011-2999)\n\nMFSA 2011-39: Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response Mozilla behavior\ndiffered from other browsers: Mozilla would use the second Location\nheader while Chrome and Internet Explorer would use the first. Two\ncopies of this header with different values could be a symptom of a\nCRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely\nto be the malicious one. It is possible, however, that the first copy\nwas the injected one depending on the nature of the server\nvulnerability.\n\nThe Mozilla browser engine has been changed to treat two copies of\nthis header with different values as an error condition. The same has\nbeen done with the headers Content-Length and Content-Disposition.\n(CVE-2011-3000)\n\nMFSA 2011-40: Mariusz Mlynski reported that if you could convince a\nuser to hold down the Enter key--as part of a game or test, perhaps--a\nmalicious page could pop up a download dialog where the held key would\nthen activate the default Open action. For some file types this would\nbe merely annoying (the equivalent of a pop-up) but other file types\nhave powerful scripting capabilities. 
And this would provide an avenue\nfor an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\n\nHolding enter allows arbitrary code execution due to Download Manager\n(CVE-2011-2372)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", 
reference:\"MozillaFirefox-3.6.23-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.23-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.23-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.23-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:01:56", "description": "Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n - Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n - Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. (no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). 
(MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. 
(CVE-2011-2372)", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7784)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7784.NASL", "href": "https://www.tenable.com/plugins/nessus/57152", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57152);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7784)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. 
(MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled,, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n - Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n - Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. (no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). (MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. 
It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. 
(CVE-2011-2372)\"\n );\n # http://www.mozilla.org/security/announce/2010/mfsa2010-10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-38.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2996.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2999.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3000.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7784.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, 
reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:01:56", "description": "Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. 
Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled,, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n - Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n - Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. (no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). (MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. 
Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. 
(CVE-2011-2372)", "edition": 23, "published": "2011-10-24T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7783)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7783.NASL", "href": "https://www.tenable.com/plugins/nessus/56609", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56609);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7783)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. 
(MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled,, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n - Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n - Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. (no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). (MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. 
It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. 
(CVE-2011-2372)\"\n );\n # http://www.mozilla.org/security/announce/2010/mfsa2010-10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-38.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2996.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2999.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3000.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7783.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-translations-3.6.23-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:57:07", "description": "Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled,, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. 
(no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). (MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. 
And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. (CVE-2011-2372)", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5224)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-111004.NASL", "href": "https://www.tenable.com/plugins/nessus/57083", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57083);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5224)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 3.6.23, fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2011-36)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled,, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox\n 3.6 and Firefox 6. (CVE-2011-2995)\n\n Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n - Mark Kaplan reported a potentially exploitable crash due\n to integer underflow when using a large JavaScript\n RegExp expression. We would also like to thank Mark for\n contributing the fix for this problem. 
(no CVE yet).\n (MFSA 2011-37)\n\n - Mozilla developer Boris Zbarsky reported that a frame\n named 'location' could shadow the window.location object\n unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine\n the page origin this could fool the plugin into granting\n the plugin content access to another site or the local\n file system in violation of the Same Origin Policy. This\n flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999). (MFSA 2011-38)\n\n - Ian Graham of Citrix Online reported that when multiple\n Location headers were present in a redirect response\n Mozilla behavior differed from other browsers: Mozilla\n would use the second Location header while Chrome and\n Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of\n a CRLF injection attack against a vulnerable server.\n Most commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. It is possible, however, that the first\n copy was the injected one depending on the nature of the\n server vulnerability. (MFSA 2011-39)\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n - Mariusz Mlynski reported that if you could convince a\n user to hold down the Enter key--as part of a game or\n test, perhaps--a malicious page could pop up a download\n dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other\n file types have powerful scripting capabilities. 
And\n this would provide an avenue for an attacker to exploit\n a vulnerability in applications not normally exposed to\n potentially hostile internet content. (MFSA 2011-40)\n\n Holding enter allows arbitrary code execution due to\n Download Manager. (CVE-2011-2372)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-36.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-39.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-40.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2996.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2999.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3000.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5224.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
reference:\"MozillaFirefox-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.6.23-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.23-1.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:37:25", "description": "From Red Hat Security Advisory 2011:1341 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the 'Enter' keypress\nevent. 
A malicious web page could present a download dialog while the\nkey is pressed, activating the default 'Open' action. A remote\nattacker could exploit this vulnerability by causing the browser to\nopen malicious web content. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in\nredirect responses. Two copies of this header with different values\ncould be a symptom of a CRLF injection attack against a vulnerable\nserver. Firefox now treats two copies of the Location, Content-Length,\nor Content-Disposition header as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious\nJavaScript could cause Firefox to access already freed memory, causing\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.23. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.23, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1341)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2011-1341.NASL", "href": "https://www.tenable.com/plugins/nessus/68359", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1341 and \n# Oracle Linux Security Advisory ELSA-2011-1341 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68359);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_xref(name:\"RHSA\", value:\"2011:1341\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1341)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1341 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the 'Enter' keypress\nevent. A malicious web page could present a download dialog while the\nkey is pressed, activating the default 'Open' action. A remote\nattacker could exploit this vulnerability by causing the browser to\nopen malicious web content. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in\nredirect responses. Two copies of this header with different values\ncould be a symptom of a CRLF injection attack against a vulnerable\nserver. Firefox now treats two copies of the Location, Content-Length,\nor Content-Disposition header as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious\nJavaScript could cause Firefox to access already freed memory, causing\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.23. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.23, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002375.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002378.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002380.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.23-1.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.23-2.0.1.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.23-1.0.1.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.23-1.0.1.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.23-2.0.1.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.23-1.0.1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"xulrunner-devel-1.9.2.23-1.0.1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:03", "description": "- CVE-2011-2372\n Mariusz Mlynski discovered that websites could open a\n download dialog -- which has 'open' as the default\n action --, while a user presses the ENTER key.\n\n - CVE-2011-2995\n Benjamin Smedberg, Bob Clary and Jesse Ruderman\n discovered crashes in the rendering engine, which could\n lead to the execution of arbitrary code.\n\n - CVE-2011-2998\n Mark Kaplan discovered an integer underflow in the\n JavaScript engine, which could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2999\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the\n same-origin policy.\n\n - CVE-2011-3000\n Ian Graham discovered that multiple Location headers\n might lead to CRLF injection.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. 
You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.", "edition": 17, "published": "2011-10-06T00:00:00", "title": "Debian DSA-2317-1 : icedove - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2011-10-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-2317.NASL", "href": "https://www.tenable.com/plugins/nessus/56395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2317. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56395);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_bugtraq_id(49809, 49810, 49811, 49848, 49849);\n script_xref(name:\"DSA\", value:\"2317\");\n\n script_name(english:\"Debian DSA-2317-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- CVE-2011-2372\n Mariusz Mlynski discovered that websites could open a\n download dialog -- which has 'open' as the default\n action --, while a user presses the ENTER key.\n\n - CVE-2011-2995\n Benjamin Smedberg, Bob Clary and Jesse Ruderman\n discovered crashes in the rendering engine, which could\n lead to the execution of arbitrary code.\n\n - CVE-2011-2998\n Mark 
Kaplan discovered an integer underflow in the\n JavaScript engine, which could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2999\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the\n same-origin policy.\n\n - CVE-2011-3000\n Ian Graham discovered that multiple Location headers\n might lead to CRLF injection.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2317\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedove\", reference:\"3.0.11-1+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dbg\", reference:\"3.0.11-1+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dev\", reference:\"3.0.11-1+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:01", "description": "Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-2372\n Mariusz Mlynski discovered that websites could open 
a\n download dialog -- which has 'open' as the default\n action --, while a user presses the ENTER key.\n\n - CVE-2011-2995\n Benjamin Smedberg, Bob Clary and Jesse Ruderman\n discovered crashes in the rendering engine, which could\n lead to the execution of arbitrary code.\n\n - CVE-2011-2998\n Mark Kaplan discovered an integer underflow in the\n JavaScript engine, which could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2999\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the\n same-origin policy.\n\n - CVE-2011-3000\n Ian Graham discovered that multiple Location headers\n might lead to CRLF injection.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.", "edition": 17, "published": "2011-09-30T00:00:00", "title": "Debian DSA-2312-1 : iceape - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2011-09-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:iceape"], "id": "DEBIAN_DSA-2312.NASL", "href": "https://www.tenable.com/plugins/nessus/56339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2312. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56339);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_bugtraq_id(49809, 49810, 49811, 49848, 49849);\n script_xref(name:\"DSA\", value:\"2312\");\n\n script_name(english:\"Debian DSA-2312-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-2372\n Mariusz Mlynski discovered that websites could open a\n download dialog -- which has 'open' as the default\n action --, while a user presses the ENTER key.\n\n - CVE-2011-2995\n Benjamin Smedberg, Bob Clary and Jesse Ruderman\n discovered crashes in the rendering engine, which could\n lead to the execution of arbitrary code.\n\n - CVE-2011-2998\n Mark Kaplan discovered an integer underflow in the\n JavaScript engine, which could lead to the execution of\n arbitrary code.\n\n - CVE-2011-2999\n Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the\n same-origin policy.\n\n - CVE-2011-3000\n Ian Graham discovered that multiple Location headers\n might lead to CRLF injection.\n\nThe oldstable distribution (lenny) is not affected. 
The iceape package\nonly provides the XPCOM code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceape\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2312\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-8. 
This update also marks the compromised DigiNotar\nroot certs as revoked rather then untrusted.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceape\", reference:\"2.0.11-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-browser\", reference:\"2.0.11-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-chatzilla\", reference:\"2.0.11-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dbg\", reference:\"2.0.11-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dev\", 
reference:\"2.0.11-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-mailnews\", reference:\"2.0.11-8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:17", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the 'Enter' keypress\nevent. A malicious web page could present a download dialog while the\nkey is pressed, activating the default 'Open' action. A remote\nattacker could exploit this vulnerability by causing the browser to\nopen malicious web content. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in\nredirect responses. Two copies of this header with different values\ncould be a symptom of a CRLF injection attack against a vulnerable\nserver. Firefox now treats two copies of the Location, Content-Length,\nor Content-Disposition header as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. 
An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious\nJavaScript could cause Firefox to access already freed memory, causing\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.23. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.23, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 27, "published": "2011-09-29T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2011:1341)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "modified": "2011-09-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1341.NASL", "href": "https://www.tenable.com/plugins/nessus/56311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1341 and \n# CentOS Errata and Security Advisory 2011:1341 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56311);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2011-2372\", \"CVE-2011-2995\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\");\n script_xref(name:\"RHSA\", value:\"2011:1341\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2011:1341)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the 'Enter' keypress\nevent. A malicious web page could present a download dialog while the\nkey is pressed, activating the default 'Open' action. A remote\nattacker could exploit this vulnerability by causing the browser to\nopen malicious web content. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in\nredirect responses. Two copies of this header with different values\ncould be a symptom of a CRLF injection attack against a vulnerable\nserver. Firefox now treats two copies of the Location, Content-Length,\nor Content-Disposition header as an error condition. 
(CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious\nJavaScript could cause Firefox to access already freed memory, causing\nFirefox to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.23. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.23, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6736d1f8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9bff1b5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018085.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ba3960a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/018086.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6dd3998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.23-1.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.23-1.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.23-2.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.23-1.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.23-1.el5_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2372", "CVE-2011-2995", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the \"Enter\" keypress event. 
A\nmalicious web page could present a download dialog while the key is\npressed, activating the default \"Open\" action. A remote attacker could\nexploit this vulnerability by causing the browser to open malicious web\ncontent. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in redirect\nresponses. Two copies of this header with different values could be a\nsymptom of a CRLF injection attack against a vulnerable server. Firefox now\ntreats two copies of the Location, Content-Length, or Content-Disposition\nheader as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious JavaScript\ncould cause Firefox to access already freed memory, causing Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.23. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.23, which corrects these issues. 
After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:20", "published": "2011-09-28T04:00:00", "id": "RHSA-2011:1341", "href": "https://access.redhat.com/errata/RHSA-2011:1341", "type": "redhat", "title": "(RHSA-2011:1341) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2372", "CVE-2011-2995", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content. An\nHTML mail message containing malicious content could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2011-2995)\n\nA flaw was found in the way Thunderbird processed the \"Enter\" keypress\nevent. A malicious HTML mail message could present a download dialog while\nthe key is pressed, activating the default \"Open\" action. A remote attacker\ncould exploit this vulnerability by causing the mail client to open\nmalicious web content. (CVE-2011-2372)\n\nA flaw was found in the way Thunderbird handled Location headers in\nredirect responses. Two copies of this header with different values could\nbe a symptom of a CRLF injection attack against a vulnerable server.\nThunderbird now treats two copies of the Location, Content-Length, or\nContent-Disposition header as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Thunderbird handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Thunderbird handled large\nJavaScript regular expressions. 
An HTML mail message containing malicious\nJavaScript could cause Thunderbird to access already freed memory, causing\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-2998)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:37", "published": "2011-09-28T04:00:00", "id": "RHSA-2011:1342", "href": "https://access.redhat.com/errata/RHSA-2011:1342", "type": "redhat", "title": "(RHSA-2011:1342) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:28:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-3000", "CVE-2011-2999"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1341\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2995)\n\nA flaw was found in the way Firefox processed the \"Enter\" keypress event. A\nmalicious web page could present a download dialog while the key is\npressed, activating the default \"Open\" action. A remote attacker could\nexploit this vulnerability by causing the browser to open malicious web\ncontent. (CVE-2011-2372)\n\nA flaw was found in the way Firefox handled Location headers in redirect\nresponses. Two copies of this header with different values could be a\nsymptom of a CRLF injection attack against a vulnerable server. 
Firefox now\ntreats two copies of the Location, Content-Length, or Content-Disposition\nheader as an error condition. (CVE-2011-3000)\n\nA flaw was found in the way Firefox handled frame objects with certain\nnames. An attacker could use this flaw to cause a plug-in to grant its\ncontent access to another site or the local file system, violating the\nsame-origin policy. (CVE-2011-2999)\n\nAn integer underflow flaw was found in the way Firefox handled large\nJavaScript regular expressions. A web page containing malicious JavaScript\ncould cause Firefox to access already freed memory, causing Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2011-2998)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.23. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.23, which corrects these issues. 
After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030117.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030118.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030123.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030124.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2011-1341.html", "edition": 5, "modified": "2011-09-29T18:49:05", "published": "2011-09-29T03:54:30", "href": "http://lists.centos.org/pipermail/centos-announce/2011-September/030117.html", "id": "CESA-2011:1341", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Mozilla Firefox was updated to version 3.6.23, fixing\n various bugs and security issues.\n\n MFSA 2011-36: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through email in\n the Thunderbird and SeaMonkey products because scripting is\n disabled, but are potentially a risk in browser or\n browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported\n memory safety problems that affected Firefox 3.6 and\n Firefox 6. 
(CVE-2011-2995)\n\n Josh Aas reported a potential crash in the plugin API that\n affected Firefox 3.6 only. (CVE-2011-2996)\n\n MFSA 2011-37: Mark Kaplan reported a potentially\n exploitable crash due to integer underflow when using a\n large JavaScript RegExp expression. We would also like to\n thank Mark for contributing the fix for this problem. (no\n CVE yet)\n\n MFSA 2011-38: Mozilla developer Boris Zbarsky reported that\n a frame named \"location\" could shadow the window.location\n object unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine the\n page origin this could fool the plugin into granting the\n plugin content access to another site or the local file\n system in violation of the Same Origin Policy. This flaw\n allows circumvention of the fix added for MFSA 2010-10.\n (CVE-2011-2999)\n\n MFSA 2011-39: Ian Graham of Citrix Online reported that\n when multiple Location headers were present in a redirect\n response Mozilla behavior differed from other browsers:\n Mozilla would use the second Location header while Chrome\n and Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of a\n CRLF injection attack against a vulnerable server. Most\n commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the copy\n preferred by Mozilla is more likely to be the malicious\n one. It is possible, however, that the first copy was the\n injected one depending on the nature of the server\n vulnerability.\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. 
(CVE-2011-3000)\n\n MFSA 2011-40: Mariusz Mlynski reported that if you could\n convince a user to hold down the Enter key--as part of a\n game or test, perhaps--a malicious page could pop up a\n download dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other file\n types have powerful scripting capabilities. And this would\n provide an avenue for an attacker to exploit a\n vulnerability in applications not normally exposed to\n potentially hostile internet content.\n\n Holding enter allows arbitrary code execution due to\n Download Manager (CVE-2011-2372)\n\n", "edition": 1, "modified": "2011-09-29T16:08:17", "published": "2011-09-29T16:08:17", "id": "OPENSUSE-SU-2011:1079-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00030.html", "title": "MozillaFirefox: Update to Firefox 3.6.23 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:17", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Mozilla Firefox was updated to version 3.6.23, fixing\n various bugs and security issues.\n\n *\n\n MFSA 2011-36: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. 
Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n *\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman\n reported memory safety problems that affected Firefox 3.6\n and Firefox 6. (CVE-2011-2995)\n\n *\n\n Josh Aas reported a potential crash in the plugin API\n that affected Firefox 3.6 only. (CVE-2011-2996)\n\n *\n\n MFSA 2011-37: Mark Kaplan reported a potentially\n exploitable crash due to integer underflow when using a\n large JavaScript RegExp expression. We would also like to\n thank Mark for contributing the fix for this problem. (no\n CVE yet)\n\n *\n\n MFSA 2011-38: Mozilla developer Boris Zbarsky\n reported that a frame named \"location\" could shadow the\n window.location object unless a script in a page grabbed a\n reference to the true object before the frame was created.\n Because some plugins use the value of window.location to\n determine the page origin this could fool the plugin into\n granting the plugin content access to another site or the\n local file system in violation of the Same Origin Policy.\n This flaw allows circumvention of the fix added for MFSA\n 2010-10. (CVE-2011-2999)\n\n *\n\n MFSA 2011-39: Ian Graham of Citrix Online reported\n that when multiple Location headers were present in a\n redirect response Mozilla behavior differed from other\n browsers: Mozilla would use the second Location header\n while Chrome and Internet Explorer would use the first. Two\n copies of this header with different values could be a\n symptom of a CRLF injection attack against a vulnerable\n server. 
Most commonly it is the Location header itself that\n is vulnerable to the response splitting and therefore the\n copy preferred by Mozilla is more likely to be the\n malicious one. It is possible, however, that the first copy\n was the injected one depending on the nature of the server\n vulnerability.\n\n The Mozilla browser engine has been changed to treat\n two copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n *\n\n MFSA 2011-40: Mariusz Mlynski reported that if you\n could convince a user to hold down the Enter key--as part\n of a game or test, perhaps--a malicious page could pop up a\n download dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other file\n types have powerful scripting capabilities. And this would\n provide an avenue for an attacker to exploit a\n vulnerability in applications not normally exposed to\n potentially hostile internet content.\n\n Holding enter allows arbitrary code execution due to\n Download Manager (CVE-2011-2372)\n", "edition": 1, "modified": "2011-10-06T00:08:31", "published": "2011-10-06T00:08:31", "id": "SUSE-SU-2011:1096-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00001.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Mozilla XULRunner was updated to version 1.9.2.23, fixing\n various bugs and security issues.\n\n MFSA 2011-36: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based 
products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through email in\n the Thunderbird and SeaMonkey products because scripting is\n disabled, but are potentially a risk in browser or\n browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported\n memory safety problems that affected Firefox 3.6 and\n Firefox 6. (CVE-2011-2995)\n\n Josh Aas reported a potential crash in the plugin API that\n affected Firefox 3.6 only. (CVE-2011-2996)\n\n MFSA 2011-37: Mark Kaplan reported a potentially\n exploitable crash due to integer underflow when using a\n large JavaScript RegExp expression. We would also like to\n thank Mark for contributing the fix for this problem. (no\n CVE yet)\n\n MFSA 2011-38: Mozilla developer Boris Zbarsky reported that\n a frame named \"location\" could shadow the window.location\n object unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine the\n page origin this could fool the plugin into granting the\n plugin content access to another site or the local file\n system in violation of the Same Origin Policy. This flaw\n allows circumvention of the fix added for MFSA 2010-10.\n (CVE-2011-2999)\n\n MFSA 2011-39: Ian Graham of Citrix Online reported that\n when multiple Location headers were present in a redirect\n response Mozilla behavior differed from other browsers:\n Mozilla would use the second Location header while Chrome\n and Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of a\n CRLF injection attack against a vulnerable server. 
Most\n commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the copy\n preferred by Mozilla is more likely to be the malicious\n one. It is possible, however, that the first copy was the\n injected one depending on the nature of the server\n vulnerability.\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n MFSA 2011-40: Mariusz Mlynski reported that if you could\n convince a user to hold down the Enter key--as part of a\n game or test, perhaps--a malicious page could pop up a\n download dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other file\n types have powerful scripting capabilities. And this would\n provide an avenue for an attacker to exploit a\n vulnerability in applications not normally exposed to\n potentially hostile internet content.\n\n Holding enter allows arbitrary code execution due to\n Download Manager (CVE-2011-2372)\n\n", "edition": 1, "modified": "2011-09-29T14:08:20", "published": "2011-09-29T14:08:20", "id": "OPENSUSE-SU-2011:1076-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00028.html", "type": "suse", "title": "mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-3232", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3001"], "description": "Mozilla Thunderbird was updated to version 3.1.14, fixing\n various bugs and security issues.\n\n MFSA 2011-36: Mozilla developers identified and fixed\n several memory 
safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through email in\n the Thunderbird and SeaMonkey products because scripting is\n disabled, but are potentially a risk in browser or\n browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported\n memory safety problems that affected Firefox 3.6 and\n Firefox 6. (CVE-2011-2995)\n\n Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor\n Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous\n reported memory safety problems that affected Firefox 6,\n fixed in Firefox 7. (CVE-2011-2997)\n\n\n\n MFSA 2011-38: Mozilla developer Boris Zbarsky reported that\n a frame named \"location\" could shadow the window.location\n object unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine the\n page origin this could fool the plugin into granting the\n plugin content access to another site or the local file\n system in violation of the Same Origin Policy. This flaw\n allows circumvention of the fix added for MFSA 2010-10.\n (CVE-2011-2999)\n\n MFSA 2011-39: Ian Graham of Citrix Online reported that\n when multiple Location headers were present in a redirect\n response Mozilla behavior differed from other browsers:\n Mozilla would use the second Location header while Chrome\n and Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of a\n CRLF injection attack against a vulnerable server. 
Most\n commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the copy\n preferred by Mozilla is more likely to be the malicious\n one. It is possible, however, that the first copy was the\n injected one depending on the nature of the server\n vulnerability.\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n MFSA 2011-40: Mariusz Mlynski reported that if you could\n convince a user to hold down the Enter key--as part of a\n game or test, perhaps--a malicious page could pop up a\n download dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other file\n types have powerful scripting capabilities. And this would\n provide an avenue for an attacker to exploit a\n vulnerability in applications not normally exposed to\n potentially hostile internet content.\n\n Mariusz also reported a similar flaw with manual plugin\n installation using the PLUGINSPAGE attribute. It was\n possible to create an internal error that suppressed a\n confirmation dialog, such that holding enter would lead to\n the installation of an arbitrary add-on. (This variant did\n not affect Firefox 3.6)\n\n Holding enter allows arbitrary code execution due to\n Download Manager (CVE-2011-2372)\n\n Holding enter allows arbitrary extension installation\n (CVE-2011-3001)\n\n MFSA 2011-42: Security researcher Aki Helin reported a\n potentially exploitable crash in the YARR regular\n expression library used by JavaScript. (CVE-2011-3232)\n\n MFSA 2011-44: sczimmer reported that Firefox crashed when\n loading a particular .ogg file. This was due to a\n use-after-free condition and could potentially be exploited\n to install malware. 
(CVE-2011-3005)\n\n This vulnerability does not affect Firefox 3.6 or earlier.\n\n", "edition": 1, "modified": "2011-10-04T15:08:20", "published": "2011-10-04T15:08:20", "id": "OPENSUSE-SU-2011:1076-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00000.html", "type": "suse", "title": "MozillaThunderbird: Update to Mozilla Thunderbird 3.1.14 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-3002", "CVE-2011-3232", "CVE-2011-3004", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3003", "CVE-2011-3001"], "description": "Mozilla Seamonkey was updated to version 2.4, fixing\n various bugs and security issues.\n\n MFSA 2011-36: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through email in\n the Thunderbird and SeaMonkey products because scripting is\n disabled, but are potentially a risk in browser or\n browser-like contexts in those products.\n\n Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported\n memory safety problems that affected Firefox 3.6 and\n Firefox 6. (CVE-2011-2995)\n\n Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor\n Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous\n reported memory safety problems that affected Firefox 6,\n fixed in Firefox 7. 
(CVE-2011-2997)\n\n\n\n MFSA 2011-38: Mozilla developer Boris Zbarsky reported that\n a frame named "location" could shadow the window.location\n object unless a script in a page grabbed a reference to the\n true object before the frame was created. Because some\n plugins use the value of window.location to determine the\n page origin this could fool the plugin into granting the\n plugin content access to another site or the local file\n system in violation of the Same Origin Policy. This flaw\n allows circumvention of the fix added for MFSA 2010-10.\n (CVE-2011-2999)\n\n MFSA 2011-39: Ian Graham of Citrix Online reported that\n when multiple Location headers were present in a redirect\n response Mozilla behavior differed from other browsers:\n Mozilla would use the second Location header while Chrome\n and Internet Explorer would use the first. Two copies of\n this header with different values could be a symptom of a\n CRLF injection attack against a vulnerable server. Most\n commonly it is the Location header itself that is\n vulnerable to the response splitting and therefore the copy\n preferred by Mozilla is more likely to be the malicious\n one. It is possible, however, that the first copy was the\n injected one depending on the nature of the server\n vulnerability.\n\n The Mozilla browser engine has been changed to treat two\n copies of this header with different values as an error\n condition. The same has been done with the headers\n Content-Length and Content-Disposition. (CVE-2011-3000)\n\n MFSA 2011-40: Mariusz Mlynski reported that if you could\n convince a user to hold down the Enter key--as part of a\n game or test, perhaps--a malicious page could pop up a\n download dialog where the held key would then activate the\n default Open action. For some file types this would be\n merely annoying (the equivalent of a pop-up) but other file\n types have powerful scripting capabilities. 
And this would\n provide an avenue for an attacker to exploit a\n vulnerability in applications not normally exposed to\n potentially hostile internet content.\n\n Mariusz also reported a similar flaw with manual plugin\n installation using the PLUGINSPAGE attribute. It was\n possible to create an internal error that suppressed a\n confirmation dialog, such that holding enter would lead to\n the installation of an arbitrary add-on. (This variant did\n not affect Firefox 3.6)\n\n Holding enter allows arbitrary code execution due to\n Download Manager (CVE-2011-2372)\n\n Holding enter allows arbitrary extension installation\n (CVE-2011-3001)\n\n MFSA 2011-41: Michael Jordon of Context IS reported that in\n the ANGLE library used by WebGL the return value from\n GrowAtomTable() was not checked for errors. If an attacker\n could cause requests that exceeded the available memory\n those would fail and potentially lead to a buffer overrun\n as subsequent code wrote into the non-allocated space.\n (CVE-2011-3002)\n\n Ben Hawkes of the Google Security Team reported a WebGL\n test case that demonstrated an out of bounds write after an\n allocation failed. (CVE-2011-3003)\n\n MFSA 2011-42: Security researcher Aki Helin reported a\n potentially exploitable crash in the YARR regular\n expression library used by JavaScript. (CVE-2011-3232)\n\n\n MFSA 2011-43: David Rees reported that the\n JSSubScriptLoader (a feature used by some add-ons) was\n "unwrapping" XPCNativeWrappers when they were used as the\n scope parameter to loadSubScript(). Without the protection\n of the wrappers the add-on could be vulnerable to privilege\n escalation attacks from malicious web content. Whether any\n given add-on were vulnerable would depend on how the add-on\n used the feature and whether it interacted directly with\n web content, but we did find at least one vulnerable add-on\n and presume there are more. 
(CVE-2011-3004)\n\n The unwrapping behavior was a change introduced during\n Firefox 4 development. Firefox 3.6 and earlier versions are\n not affected.\n\n\n MFSA 2011-44: sczimmer reported that Firefox crashed when\n loading a particular .ogg file. This was due to a\n use-after-free condition and could potentially be exploited\n to install malware. (CVE-2011-3005)\n\n This vulnerability does not affect Firefox 3.6 or earlier.\n\n\n MFSA 2011-45: University of California, Davis researchers\n Liang Cai and Hao Chen presented a paper at the 2011 USENIX\n HotSec workshop on inferring keystrokes from device motion\n data on mobile devices. Web pages can now receive data\n similar to the apps studied in that paper and likely\n present a similar risk. We have decided to limit motion\n data events to the currently-active tab to prevent the\n possibility of background tabs attempting to decipher\n keystrokes the user is entering into the foreground tab.\n\n", "edition": 1, "modified": "2011-09-29T15:08:19", "published": "2011-09-29T15:08:19", "id": "OPENSUSE-SU-2011:1077-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00029.html", "type": "suse", "title": "seamonkey: Update to Mozilla Seamonkey 2.4 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:41", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-2998", "CVE-2011-2372", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-2996", "CVE-2011-3651", "CVE-2011-3000", "CVE-2011-3655", "CVE-2011-2999", "CVE-2011-3001"], "description": "MozillaFirefox has been updated to version 1.9.2.24\n (bnc#728520) to fix the following security issues:\n\n * MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript\n unwraps XPCNativeWrapper scope parameter\n * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS\n against sites using Shift-JIS\n * MFSA 2011-49/CVE-2011-3650 
(bmo#674776) Memory\n corruption while profiling using Firebug\n", "edition": 1, "modified": "2011-11-17T23:08:23", "published": "2011-11-17T23:08:23", "id": "SUSE-SU-2011:1256-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html", "type": "suse", "title": "Security update for Mozilla Firefox (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:19", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3648", "CVE-2011-2998", "CVE-2011-2372", "CVE-2011-3389", "CVE-2011-3650", "CVE-2011-3647", "CVE-2011-3653", "CVE-2011-3649", "CVE-2011-2996", "CVE-2011-3651", "CVE-2011-3000", "CVE-2011-3655", "CVE-2011-2999", "CVE-2011-3001"], "description": "This update to version 3.13.1 of mozilla-nss fixes the\n following issues:\n\n * Explicitly distrust DigiCert Sdn. Bhd (bmo#698753)\n * Better SHA-224 support (bmo#647706)\n * Fix a regression (causing hangs in some situations)\n introduced in 3.13 (bmo#693228)\n * SSL 2.0 is disabled by default\n * A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) has been enabled by default. 
Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n * Support SHA-224\n * Add PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n * Add NSS_GetVersion to return the NSS version string\n * Add experimental support of RSA-PSS to the softoken\n only\n * NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052)\n\n Security Issues:\n\n * CVE-2011-3648\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648>\n * CVE-2011-3000\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000>\n * CVE-2011-3001\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001>\n * CVE-2011-3647\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647>\n * CVE-2011-2372\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372>\n * CVE-2011-2999\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999>\n * CVE-2011-3650\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650>\n * CVE-2011-2998\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998>\n * CVE-2011-2996\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996>\n * CVE-2011-3655\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655>\n * CVE-2011-3653\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653>\n * CVE-2011-3649\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649>\n * CVE-2011-3651\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651>\n", "edition": 1, "modified": "2011-11-18T22:08:26", "published": "2011-11-18T22:08:26", "id": "SUSE-SU-2011:1256-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00023.html", "title": "Security update for mozilla-nss (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:41", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered \nmultiple memory vulnerabilities in the Gecko rendering engine. An \nattacker could use these to possibly execute arbitrary code with the \nprivileges of the user invoking Thunderbird. (CVE-2011-2995, CVE-2011-2996)\n\nBoris Zbarsky discovered that a frame named \"location\" could shadow the \nwindow.location object unless a script in a page grabbed a reference to the \ntrue object before the frame was created. This is in violation of the Same \nOrigin Policy. 
A malicious E-Mail could possibly use this to access the \nlocal file system. (CVE-2011-2999)\n\nMark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript \nengine. An attacker could potentially use this to crash Thunderbird.\n\nIan Graham discovered that when multiple Location headers were present, \nThunderbird would use the second one resulting in a possible CRLF injection \nattack. CRLF injection issues can result in a wide variety of attacks, such \nas XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and \ncookie theft. (CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold down \nthe enter key, a malicious website or E-Mail could potentially pop up a \ndownload dialog and the default open action would be selected. This would \nresult in potentially malicious content being run with privileges of the \nuser invoking Thunderbird. (CVE-2011-2372)", "edition": 5, "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "USN-1213-1", "href": "https://ubuntu.com/security/notices/USN-1213-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:04", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2996", "CVE-2011-3000", "CVE-2011-2999"], "description": "Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered \nmultiple memory vulnerabilities in the browser rendering engine. An \nattacker could use these to possibly execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2011-2995, CVE-2011-2996)\n\nBoris Zbarsky discovered that a frame named \"location\" could shadow the \nwindow.location object unless a script in a page grabbed a reference to the \ntrue object before the frame was created. This is in violation of the Same \nOrigin Policy. 
A malicious website could possibly use this to access \nanother website or the local file system. (CVE-2011-2999)\n\nMark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript \nengine. An attacker could potentially use this to crash Firefox.\n\nIan Graham discovered that when multiple Location headers were present, \nFirefox would use the second one resulting in a possible CRLF injection \nattack. CRLF injection issues can result in a wide variety of attacks, such \nas XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and \ncookie theft. (CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold down \nthe enter key, a malicious website could potentially pop up a download dialog \nand the default open action would be selected. This would result in \npotentially malicious content being run with privileges of the user \ninvoking Firefox. (CVE-2011-2372)", "edition": 5, "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "USN-1210-1", "href": "https://ubuntu.com/security/notices/USN-1210-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-3002", "CVE-2011-3232", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3003", "CVE-2011-3001"], "description": "USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated \npackages for use with Firefox 7.\n\nOriginal advisory details:\n\nBenjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, \nAndreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and \nMarcia Knous discovered multiple memory vulnerabilities in the browser \nrendering engine. An attacker could use these to possibly execute arbitrary \ncode with the privileges of the user invoking Firefox. 
(CVE-2011-2995, \nCVE-2011-2997)\n\nBoris Zbarsky discovered that a frame named \"location\" could shadow the \nwindow.location object unless a script in a page grabbed a reference to the \ntrue object before the frame was created. This is in violation of the Same \nOrigin Policy. A malicious website could possibly use this to access \nanother website or the local file system. (CVE-2011-2999)\n\nIan Graham discovered that when multiple Location headers were present, \nFirefox would use the second one resulting in a possible CRLF injection \nattack. CRLF injection issues can result in a wide variety of attacks, such \nas XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and \ncookie theft. (CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold down \nthe enter key, a malicious website could potentially pop up a download dialog \nand the default open action would be selected or lead to the installation \nof an arbitrary add-on. This would result in potentially malicious content \nbeing run with privileges of the user invoking Firefox. (CVE-2011-2372, \nCVE-2011-3001)\n\nMichael Jordon and Ben Hawkes discovered flaws in WebGL. If a user were \ntricked into opening a malicious page, an attacker could cause the browser \nto crash. (CVE-2011-3002, CVE-2011-3003)\n\nIt was discovered that Firefox did not properly free memory when processing \nogg files. If a user were tricked into opening a malicious page, an \nattacker could cause the browser to crash. (CVE-2011-3005)\n\nDavid Rees and Aki Helin discovered problems in the JavaScript engine. An \nattacker could exploit this to crash the browser or potentially escalate \nprivileges within the browser. 
(CVE-2011-3232)", "edition": 5, "modified": "2011-10-04T00:00:00", "published": "2011-10-04T00:00:00", "id": "USN-1222-2", "href": "https://ubuntu.com/security/notices/USN-1222-2", "title": "Mozvoikko, ubufox, webfav update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:36:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-3002", "CVE-2011-3232", "CVE-2011-3004", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3003", "CVE-2011-3001"], "description": "Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, \nAndreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and \nMarcia Knous discovered multiple memory vulnerabilities in the browser \nrendering engine. An attacker could use these to possibly execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2011-2995, \nCVE-2011-2997)\n\nBoris Zbarsky discovered that a frame named \"location\" could shadow the \nwindow.location object unless a script in a page grabbed a reference to the \ntrue object before the frame was created. This is in violation of the Same \nOrigin Policy. A malicious website could possibly use this to access \nanother website or the local file system. (CVE-2011-2999)\n\nIan Graham discovered that when multiple Location headers were present, \nFirefox would use the second one resulting in a possible CRLF injection \nattack. CRLF injection issues can result in a wide variety of attacks, such \nas XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and \ncookie theft. (CVE-2011-3000)\n\nMariusz Mlynski discovered that if the user could be convinced to hold down \nthe enter key, a malicious website could potentially pop up a download dialog \nand the default open action would be selected or lead to the installation \nof an arbitrary add-on. 
This would result in potentially malicious content \nbeing run with privileges of the user invoking Firefox. (CVE-2011-2372, \nCVE-2011-3001)\n\nMichael Jordon and Ben Hawkes discovered flaws in WebGL. If a user were \ntricked into opening a malicious page, an attacker could cause the browser \nto crash. (CVE-2011-3002, CVE-2011-3003)\n\nIt was discovered that Firefox did not properly free memory when processing \nogg files. If a user were tricked into opening a malicious page, an \nattacker could cause the browser to crash. (CVE-2011-3005)\n\nDavid Rees and Aki Helin discovered problems in the JavaScript engine. An \nattacker could exploit this to crash the browser or potentially escalate \nprivileges within the browser. (CVE-2011-3232)", "edition": 5, "modified": "2011-09-29T00:00:00", "published": "2011-09-29T00:00:00", "id": "USN-1222-1", "href": "https://ubuntu.com/security/notices/USN-1222-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-2996", "CVE-2011-3002", "CVE-2011-3232", "CVE-2011-3004", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3003", "CVE-2011-3001"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 /\n\t rv:1.9.2.23)\nMFSA 2011-37 Integer underflow when using JavaScript RegExp\nMFSA 2011-38 XSS via plugins and shadowed window.location\n\t object\nMFSA 2011-39 Defense against multiple Location headers due to\n\t CRLF Injection\nMFSA 2011-40 Code installation through holding down Enter\nMFSA 2011-41 Potentially exploitable WebGL crashes\nMFSA 2011-42 Potentially exploitable crash in the YARR regular\n\t expression library\nMFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope\n\t parameter\nMFSA 2011-44 Use after free reading OGG headers\nMFSA 2011-45 
Inferring Keystrokes from motion data\n\n", "edition": 4, "modified": "2011-09-27T00:00:00", "published": "2011-09-27T00:00:00", "id": "1FADE8A3-E9E8-11E0-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/1fade8a3-e9e8-11e0-9580-4061862b8c22.html", "title": "Mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2998", "CVE-2011-2995", "CVE-2011-2372", "CVE-2011-2997", "CVE-2011-2996", "CVE-2011-3002", "CVE-2011-3232", "CVE-2011-3004", "CVE-2011-3000", "CVE-2011-3005", "CVE-2011-2999", "CVE-2011-3003", "CVE-2011-3001"], "description": "Multiple memory corruptions, cross-site scripting, code executions, etc", "edition": 1, "modified": "2011-10-01T00:00:00", "published": "2011-10-01T00:00:00", "id": "SECURITYVULNS:VULN:11929", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11929", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}