This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided below.
AFFECTED SOFTWARE VERSIONS
Shockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh
SOLUTION
Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to the newest version 11.6.4.634, available here: http://get.adobe.com/shockwave/.
SEVERITY RATING
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.
DETAILS
This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided above.
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0757).
This update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-0759).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0760).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0761).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0762).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0763).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0764).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0766).
ACKNOWLEDGMENTS
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Honggang Ren of Fortinet's FortiGuard Labs (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)
instruder of Code Audit Labs of vulnhunt.com (CVE-2012-0758, CVE-2012-0759)
{"id": "SECURITYVULNS:DOC:27687", "bulletinFamily": "software", "title": "Security update available for Adobe Shockwave Player", "description": "Security update available for Adobe Shockwave Player\r\n\r\nRelease date: February 14, 2012\r\n\r\nVulnerability identifier: APSB12-02\r\n\r\nCVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766\r\n\r\nPlatform: Windows and Macintosh\r\n\r\nSUMMARY\r\n\r\nThis update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided below.\r\n\r\nAFFECTED SOFTWARE VERSIONS\r\n\r\nShockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh\r\n\r\nSOLUTION\r\n\r\nAdobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to the newest version 11.6.4.634, available here: http://get.adobe.com/shockwave/.\r\n\r\nSEVERITY RATING\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.\r\n\r\nDETAILS\r\n\r\nThis update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided above.\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0757).\r\n\r\nThis update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-0759).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0760).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0761).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0762).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0763).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0764).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0766).\r\n\r\nACKNOWLEDGMENTS\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\nHonggang Ren of Fortinet's FortiGuard Labs (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\r\ninstruder of Code Audit Labs of vulnhunt.com (CVE-2012-0758, CVE-2012-0759)", "published": "2012-02-16T00:00:00", "modified": "2012-02-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27687", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 18, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2018-08-31T11:10:43", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:DOC:27690"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:1361412562310802398", "OPENVAS:802804", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802398", "OPENVAS:1361412562310802399"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2018-08-31T11:10:43", "rev": 2}, "vulnersScore": 8.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"securityvulns": [{"id": "SECURITYVULNS:VULN:12207", "bulletinFamily": "software", "title": "Adobe Shockwave Player multiple security vulnerabilities", "description": "Buffer overflow, multiple memory corruptions.", "published": "2012-02-16T00:00:00", "modified": "2012-02-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12207", "reporter": "ADOBE", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27687", "https://vulners.com/securityvulns/securityvulns:doc:27690", "https://vulners.com/securityvulns/securityvulns:doc:27689"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "securityvulns", "lastseen": "2021-06-08T19:12:17", "history": [{"bulletin": {"affectedSoftware": [{"name": "Shockwave Player", "operator": "eq", "version": "11.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Buffer overflow, multiple memory corruptions.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:46", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:46", "rev": 2, "value": 8.5, "vector": "NONE"}}, "hash": "fc14466c1627552cf0c0e1110f11628cdb02a310586deb729dc56e58241e9b29", "hashmap": [{"hash": "c9403a6957252648c59bddcb8af44b2b", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e66fb857e48e693271f76d3043daec74", "key": "reporter"}, {"hash": "1af6047f13f6cb6c7548dbada42d0618", "key": "affectedSoftware"}, {"hash": "a26aa7c1e530f2343a4dc46066186430", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "1d3a9203bdbe5c338eb38b09e9d794f6", "key": "modified"}, {"hash": "62f7061df6b551ca34d696794009a2e2", "key": "description"}, {"hash": "71ad8fb01bc62fcd8b098980cca9a358", "key": "cvelist"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "9f11f4a56c46b567aaa08daf79a764e8", "key": "title"}, {"hash": "1d3a9203bdbe5c338eb38b09e9d794f6", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12207", "id": "SECURITYVULNS:VULN:12207", "immutableFields": [], "lastseen": "2018-08-31T11:09:46", "modified": "2012-02-16T00:00:00", "objectVersion": "1.5", "published": "2012-02-16T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27687", "https://vulners.com/securityvulns/securityvulns:doc:27690", "https://vulners.com/securityvulns/securityvulns:doc:27689"], "reporter": "ADOBE", "title": "Adobe Shockwave Player multiple security vulnerabilities", "type": "securityvulns", "viewCount": 3}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:46"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "ef8b9b592319e26c4506c1577ee2cae5"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "71ad8fb01bc62fcd8b098980cca9a358"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "62f7061df6b551ca34d696794009a2e2"}, {"key": "href", "hash": "a26aa7c1e530f2343a4dc46066186430"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "published", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "references", "hash": "c9403a6957252648c59bddcb8af44b2b"}, {"key": "reporter", "hash": "e66fb857e48e693271f76d3043daec74"}, {"key": "title", "hash": "9f11f4a56c46b567aaa08daf79a764e8"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "4bd8bdf39594f4826535534654ac69b9c624c465908d57b28898958ff551773d", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:DOC:27687"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802805", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802398", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802398", "OPENVAS:802804", "OPENVAS:1361412562310802805", "OPENVAS:1361412562310802804"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0759", "CVE-2012-0760", "CVE-2012-0766", "CVE-2012-0761", "CVE-2012-0763", "CVE-2012-0762", "CVE-2012-0758"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2021-06-08T19:12:17", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-06-08T19:12:17", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "shockwave player", "operator": "eq", "version": "11.6"}], "immutableFields": [], "scheme": null}, {"id": "SECURITYVULNS:DOC:27689", "bulletinFamily": "software", "title": "[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability", "description": "[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory \r\ncorruption vulnerability\r\n\r\n\r\nDiscover: instruder of code audit labs of vulnhunt.com\r\nCAL: CAL-2011-0055\r\nCVE: CVE-2012-0759\r\n\r\nhttp://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/\r\n\r\nadobe security bulletins\r\nhttp://www.adobe.com/support/security/bulletins/apsb12-02.html\r\n\r\n\r\n1 Affected Products\r\n=================\r\nTest Version:\r\nAdobe Shockeave Player 11.6.3.633\r\nAdobe Shockwave Player 11.6.1.629\r\nand prior\r\n\r\n2 Vulnerability Details\r\n=====================\r\n\r\nWhen adobe shockwave player parsing the field of KEY_ATOM of Director File,\r\nit don't have proper check,this will lead the key atom pointer overwrite.\r\nSuccessfully exploited this vulnerability will lead to arbitrary code \r\nexecution.\r\n\r\n\r\n3 Exploitable?\r\n============\r\nThis vulnerability will lead the key atom pointer overwrite\r\nSuccessfully exploited this vulnerability will lead to arbitrary code \r\nexecution.\r\n\r\n\r\n\r\n4 About Code Audit Labs:\r\n=====================\r\nCode Audit Labs secure your software,provide Professional include source\r\ncode audit and binary code audit service.\r\nCode Audit Labs:" You create value for customer,We protect your value"\r\nhttp://www.VulnHunt.com\r\nhttp://blog.vulnhunt.com\r\nhttp://t.qq.com/vulnhunt\r\nhttp://weibo.com/vulnhunt\r\n\r\n", "published": "2012-02-16T00:00:00", "modified": "2012-02-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27689", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0759"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "aaec2641f6f0c5056e637a36b1773079"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "55aed3801a66d508398e3ed9bbae3e23"}, {"key": "href", "hash": "129737b82a73dc22e23a8453cb99128d"}, {"key": "modified", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "published", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "350ad3c1482af9fb68677144975ab10b"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "a4fc0137cd1497c55545aecc16deb05600e2ad4ae7e5d6d187e9048c0a45b2a6", "viewCount": 12, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2018-08-31T11:10:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0759"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802398", "OPENVAS:1361412562310850391", "OPENVAS:802399", "OPENVAS:1361412562310850607", "OPENVAS:802398", "OPENVAS:1361412562310802399", "OPENVAS:850391"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2018-08-31T11:10:43", "rev": 2}}, "objectVersion": "1.3", "affectedSoftware": []}, {"id": "SECURITYVULNS:DOC:27690", "bulletinFamily": "software", "title": "[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow", "description": "[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow\r\n\r\n\r\nDiscover: instruder of code audit labs of vulnhunt.com\r\nCAL: CAL-2011-0071\r\nCVE: CVE-2012-0758\r\n\r\nhttp://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071_adobe-shockwave-player-parsing-cupt-atom-heap-overflow/\r\n\r\nadobe security bulletins\r\nhttp://www.adobe.com/support/security/bulletins/apsb12-02.html\r\n\r\n\r\n1 Affected Products\r\n=================\r\nadobe shockwave 11.6.3.633\r\nadobe Shockwave 11.6.1.629 and prior\r\n\r\n\r\n2 Vulnerability Details\r\n=====================\r\nWhen adobe shockwave player parsing a dir type file,\r\nit takes a dword from the dir file,and then take some\r\nComputing this computing will leding to Integer overflow,\r\nallocate a small memory,this Cause a heap overflow.\r\n\r\n\r\n3 Analysis\r\n=========\r\nasm in dirapi.dll 11.6.1.629\r\n\r\ntext:6809FC7A push esi\r\ntext:6809FC7B push edi\r\ntext:6809FC7C push ebp\r\ntext:6809FC7D call IML32_1414_get_a_dword //get a \r\ndword form dir file\r\ntext:6809FC82 mov esi, eax //if eax=66666680 \r\nsome like this,after esi+esi*4 Will cause a heap overflow\r\ntext:6809FC84 lea eax, [esi+esi*4] // Integrated \r\n overflow\r\ntext:6809FC87 push 1\r\ntext:6809FC89 lea ecx, ds:24h[eax*8]\r\ntext:6809FC90 push ecx\r\ntext:6809FC91 call IML32_1111 ; \r\ntext:6809FC96 push eax\r\ntext:6809FC97 mov [esp+14h+arg_4], eax\r\ntext:6809FC9B call IML32_1114 //allocate memory \r\ntext:6809FCA0 mov edi, eax\r\ntext:6809FCA2 test edi, edi\r\ntext:6809FCA4 jz short loc_6809FD03\r\ntext:6809FCA6 mov [edi+1Ch], esi\r\ntext:6809FCA9 test esi, esi\r\ntext:6809FCAB jbe short loc_6809FCCB\r\ntext:6809FCAD lea esi, [edi+28h]\r\ntext:6809FCB0\r\ntext:6809FCB0 loc_6809FCB0: ; CODE XREF: \r\nsub_6809FC60+69\u0019j\r\ntext:6809FCB0 push ebp\r\ntext:6809FCB1 call IML32_1414_get_a_dword ////write \r\nthe dword to the heap\r\ntext:6809FCB6 push 20h\r\ntext:6809FCB8 push esi\r\ntext:6809FCB9 push ebp\r\ntext:6809FCBA mov [esi-4], eax\r\ntext:6809FCBD call IML32_1409\r\ntext:6809FCC2 inc ebx\r\ntext:6809FCC3 add esi, 28h ////heap buffer overflow\r\ntext:6809FCC6 cmp ebx, [edi+1Ch]\r\ntext:6809FCC9 jb short loc_6809FCB0 //Cycle\r\n\r\n\r\n\r\nc code like\r\n==================\r\n\r\n v6 = v4 + 40;\r\n do\r\n {\r\n *(_DWORD *)(v6 - 4) = IML32_1414_get_a_dword(v3);\r\n v4 = IML32_1409();\r\n ++v2;\r\n v6 += 40;\r\n }\r\n while ( v2 < *(_DWORD *)(v5 + 0x1C) );\r\n\r\n\r\n\r\n\r\n4 Exploitable?\r\n============\r\nSuccessfully exploited this vulnerability could lead to arbitrary code \r\nexecution.\r\n\r\n\r\n5 Crash info:\r\n===============\r\neax=00000000 ebx=00002a63 ecx=07916058 edx=08980028 esi=07981008 \r\nedi=07917068\r\neip=0754fd5a esp=09e9ef28 ebp=08250bd8 iopl=0 nv up ei pl zr na \r\npe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 \r\nefl=00210246\r\n*** ERROR: Module load completed but symbols could not be loaded for \r\nC:\WINDOWS\system32\Adobe\Shockwave 11\DIRAPI.dll\r\nDIRAPI+0x9fd5a:\r\n0754fd5a 8946fc mov dword ptr [esi-4],eax \r\nds:0023:07981004=????????0:028> 0:023> kb\r\nChildEBP RetAddr Args to Child\r\nWARNING: Stack unwind information not available. Following frames may be \r\nwrong.\r\n09e9ef40 0755028c 07894154 08250bb0 07894154 DIRAPI+0x9fd5a\r\n00000000 00000000 00000000 00000000 00000000 DIRAPI+0xa028cPOC\r\n\r\n\r\n6 About Code Audit Labs:\r\n=====================\r\nCode Audit Labs secure your software,provide Professional include source\r\ncode audit and binary code audit service.\r\nCode Audit Labs:" You create value for customer,We protect your value"\r\nhttp://www.VulnHunt.com\r\nhttp://blog.vulnhunt.com\r\nhttp://t.qq.com/vulnhunt\r\nhttp://weibo.com/vulnhunt\r\n", "published": "2012-02-16T00:00:00", "modified": "2012-02-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27690", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0758"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "3d7542a78d58daaa331a4e64a2e9aa68"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "197e0c2ef99d01de0c00d0e5d03fd497"}, {"key": "href", "hash": "100642a71a06065a03e64b0e95a9a561"}, {"key": "modified", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "published", "hash": "1d3a9203bdbe5c338eb38b09e9d794f6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "bcea5e0561abd7bb387d73e5a2ebbbca"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c073efda04984dc817c55d9061a8f0529dfd1fa7e79abfebb8d382470e538be1", "viewCount": 13, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2018-08-31T11:10:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0758"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802399", "OPENVAS:1361412562310802398", "OPENVAS:802399", "OPENVAS:802398"]}], "modified": "2018-08-31T11:10:43", "rev": 2}}, "objectVersion": "1.3", "affectedSoftware": []}, {"id": "SECURITYVULNS:VULN:12208", "bulletinFamily": "software", "title": "Adobe Flash Player multiple security vulnerabilities", "description": "Memory corruptions, protection bypass, crossite scripting.", "published": "2012-06-13T00:00:00", "modified": "2012-06-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12208", "reporter": "ADOBE", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27688", "https://vulners.com/securityvulns/securityvulns:doc:28140"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0755"], "type": "securityvulns", "lastseen": "2021-06-08T18:56:57", "history": [{"bulletin": {"affectedSoftware": [{"name": "Flash Player", "operator": "eq", "version": "11.1"}], "bulletinFamily": "software", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0755"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Memory corruptions, protection bypass, crossite scripting.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:46", "references": [{"idList": ["EDB-ID:18572"], "type": "exploitdb"}, {"idList": ["OPENVAS:71165", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310850292", "OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:136141256231071165", "OPENVAS:1361412562310802805", "OPENVAS:850292"], "type": "openvas"}, {"idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"], "type": "securelist"}, {"idList": ["F63BF080-619D-11E1-91AF-003067B2972C"], "type": "freebsd"}, {"idList": ["OPENSUSE-SU-2012:0265-1", "SUSE-SU-2012:0280-1", "SUSE-SU-2012:0299-1"], "type": "suse"}, {"idList": ["ZDI-12-080", "ZDI-12-047"], "type": "zdi"}, {"idList": ["GLSA-201204-07"], "type": "gentoo"}, {"idList": ["SMNTC-52034"], "type": "symantec"}, {"idList": ["ADOBE_FLASH_MP4_CPRT"], "type": "canvas"}, {"idList": ["RHSA-2012:0144"], "type": "redhat"}, {"idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_MP4_CPRT"], "type": "metasploit"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27688", "SECURITYVULNS:DOC:28140", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["SSV:72652", "SSV:30126", "SSV:30122", "SSV:30127"], "type": "seebug"}, {"idList": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0755"], "type": "cve"}, {"idList": ["SAINT:45F73D67C89B09D378D3607F06A1657B", "SAINT:82F50062D6E1368900D998FC42FC8FC7", "SAINT:C93DC6DF137307868C38645D758E578E"], "type": "saint"}, {"idList": ["PACKETSTORM:110559"], "type": "packetstorm"}, {"idList": ["FLASH_PLAYER_APSB12-03.NASL", "FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL", "GENTOO_GLSA-201204-07.NASL", "SUSE_FLASH-PLAYER-7982.NASL", "OPENSUSE-2012-98.NASL", "MACOSX_FLASH_PLAYER_11_1_102_62.NASL", "MACOSX_ADOBE_READER_APSB12-08.NASL", "REDHAT-RHSA-2012-0144.NASL", "SUSE_11_4_FLASH-PLAYER-120216.NASL", "SUSE_11_FLASH-PLAYER-120216.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:CCE9EBF5B99C6E51775FBFE56555414D", "THREATPOST:D17217FC687A5798310BB8A4976EF252", "THREATPOST:0EF2611E64611F9EBB9DD054ABF7473B", "THREATPOST:A681E28F5715293A8048074FD1795ADD", "THREATPOST:BD2F67E24A249342BCF7347DF7935828", "THREATPOST:B5C592F42525CA35F23F8179FC0E60B7"], "type": "threatpost"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:46", "rev": 2, "value": 8.6, "vector": "NONE"}}, "hash": "78b05cf48b4d34904d6eb70fe6691a7de194cec6c24914a6a925dfc70d237b7c", "hashmap": [{"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e66fb857e48e693271f76d3043daec74", "key": "reporter"}, {"hash": "5e21719022d4e887735b4706becdacf2", "key": "references"}, {"hash": "3b0ab8aeb9ce47ebc8ff0f9d20847093", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "2511170fa6d0a85da60dc9730c887e38", "key": "title"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "448b73c05c702b20b08f04fa226d8849", "key": "affectedSoftware"}, {"hash": "d153b7cde15d8700fdaea7514495ac21", "key": "description"}, {"hash": "26a7ed196a8aad6bb5f392f58ed747de", "key": "href"}, {"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "modified"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12208", "id": "SECURITYVULNS:VULN:12208", "immutableFields": [], "lastseen": "2018-08-31T11:09:46", "modified": "2012-06-13T00:00:00", "objectVersion": "1.5", "published": "2012-06-13T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27688", "https://vulners.com/securityvulns/securityvulns:doc:28140"], "reporter": "ADOBE", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "viewCount": 29}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:46"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "6aebd7efc758b0b366dc550cca5e7ba5"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "3b0ab8aeb9ce47ebc8ff0f9d20847093"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "d153b7cde15d8700fdaea7514495ac21"}, {"key": "href", "hash": "26a7ed196a8aad6bb5f392f58ed747de"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "14fffe35561099043d4c4d2b0b2eb2dd"}, {"key": "published", "hash": "14fffe35561099043d4c4d2b0b2eb2dd"}, {"key": "references", "hash": "5e21719022d4e887735b4706becdacf2"}, {"key": "reporter", "hash": "e66fb857e48e693271f76d3043daec74"}, {"key": "title", "hash": "2511170fa6d0a85da60dc9730c887e38"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "07a563fde68161ba3ef4e7ed5a884344715a7476bfa29b7f7a81a98faa778297", "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "seebug", "idList": ["SSV:30122", "SSV:72652", "SSV:30126", "SSV:30127"]}, {"type": "openvas", "idList": ["OPENVAS:850292", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310850292", "OPENVAS:136141256231071165", "OPENVAS:71165", "OPENVAS:1361412562310802805", "OPENVAS:802804", "OPENVAS:1361412562310802803", "OPENVAS:802805", "OPENVAS:802803"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0299-1", "SUSE-SU-2012:0280-1", "OPENSUSE-SU-2012:0265-1"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_11_1_102_62.NASL", "REDHAT-RHSA-2012-0144.NASL", "OPENSUSE-2012-98.NASL", "6804.PRM", "SUSE_11_4_FLASH-PLAYER-120216.NASL", "SUSE_FLASH-PLAYER-7982.NASL", "FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL", "MACOSX_ADOBE_READER_APSB12-08.NASL", "SUSE_11_FLASH-PLAYER-120216.NASL", "FLASH_PLAYER_APSB12-03.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28140", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27688"]}, {"type": "freebsd", "idList": ["F63BF080-619D-11E1-91AF-003067B2972C"]}, {"type": "cve", "idList": ["CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0751", "CVE-2012-0756", "CVE-2012-0753", "CVE-2012-0754", "CVE-2012-0755"]}, {"type": "redhat", "idList": ["RHSA-2012:0144"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0752", "UB:CVE-2012-0751", "UB:CVE-2012-0754", "UB:CVE-2012-0753", "UB:CVE-2012-0755", "UB:CVE-2012-0756"]}, {"type": "threatpost", "idList": ["THREATPOST:CCE9EBF5B99C6E51775FBFE56555414D", "THREATPOST:A681E28F5715293A8048074FD1795ADD", "THREATPOST:0EF2611E64611F9EBB9DD054ABF7473B", "THREATPOST:D17217FC687A5798310BB8A4976EF252", "THREATPOST:B5C592F42525CA35F23F8179FC0E60B7", "THREATPOST:BD2F67E24A249342BCF7347DF7935828"]}, {"type": "symantec", "idList": ["SMNTC-52034"]}, {"type": "gentoo", "idList": ["GLSA-201204-07"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_MP4_CPRT"]}, {"type": "zdi", "idList": ["ZDI-12-080", "ZDI-12-047"]}, {"type": "saint", "idList": ["SAINT:45F73D67C89B09D378D3607F06A1657B", "SAINT:C93DC6DF137307868C38645D758E578E", "SAINT:82F50062D6E1368900D998FC42FC8FC7"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:110559"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_MP4_CPRT"]}, {"type": "exploitdb", "idList": ["EDB-ID:18572"]}, {"type": "securelist", "idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"]}], "modified": "2021-06-08T18:56:57", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-06-08T18:56:57", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "flash player", "operator": "eq", "version": "11.1"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}], "nessus": [{"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "3a44b7beb1fec5b7c6c87b0608ff1592", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is 11.6.3.633 or earlier. As such, it is potentially affected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2012-02-14T00:00:00", "modified": "2018-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0760", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0762"], "cvelist": ["CVE-2012-0757", "CVE-2012-0758", "CVE-2012-0759", "CVE-2012-0760", "CVE-2012-0761", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-19T12:59:01", "history": [{"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "6c5c730c4610acd690dcf4bbcf0e538fcf73a084391b301a90c61619dc3e4021", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is 11.6.3.633 or earlier. As such, it is potentially affected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2012-02-14T00:00:00", "modified": "2018-07-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57941", "reporter": "Tenable", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2018-07-30T13:46:35", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-07-30T13:46:35", "differentElements": ["cvss", "description", "href", "modified", "reporter"], "edition": 1}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "36a3a87b929adebf21fcf33699595b87cd13a9b038812bac4caff590df987cf7", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe", "published": "2012-02-14T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2020-03-18T02:46:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-03-18T02:46:32", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}]}, "score": {"modified": "2020-03-18T02:46:32", "value": 8.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-18T02:46:32", "differentElements": ["description", "modified"], "edition": 2}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "503b250dcf2a7814e231a0f9598e1dfc286346fb57a016ff5cebbb7005e1ea76", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2012-02-14T00:00:00", "modified": "2020-10-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2020-10-01T02:32:59", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-10-01T02:32:59", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2020-10-01T02:32:59", "rev": 2, "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-10-01T02:32:59", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "72b026c9a7650b58833eeb0e6d2eb15acbbd6f72da80adcee9e61fdcb496a70c", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2012-02-14T00:00:00", "modified": "2021-04-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-04-01T06:03:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-04-01T06:03:11", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2021-04-01T06:03:11", "rev": 2, "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-04-01T06:03:11", "differentElements": ["cvss2", "modified"], "edition": 4}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "ebc6f441d03303912ba2486cadfd688109660584fee4905f15079806b019fb02", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2012-02-14T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-07-29T03:32:19", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-29T03:32:19", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2021-07-29T03:32:19", "rev": 2, "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T03:32:19", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "8cadddc70e768dee3836ee046f237dc5", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2012-02-14T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-01T11:51:38", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12207", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802399", "OPENVAS:1361412562310802398", "OPENVAS:802398", "OPENVAS:1361412562310802399", "OPENVAS:802803", "OPENVAS:1361412562310802803", "OPENVAS:802805", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0763", "CVE-2012-0766", "CVE-2012-0762", "CVE-2012-0758", "CVE-2012-0761", "CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0760"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1", "OPENSUSE-SU-2014:1100-1"]}], "modified": "2021-08-01T11:51:38", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-08-01T11:51:38", "rev": 2}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T11:51:38", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "ee3357ad0313e1f95764046d653d22d7", "type": "nessus", "bulletinFamily": "scanner", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is 11.6.3.633 or earlier. As such, it is potentially affected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2012-02-14T00:00:00", "modified": "2018-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/57941", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0760", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0764"], "cvelist": ["CVE-2012-0757", "CVE-2012-0758", "CVE-2012-0759", "CVE-2012-0760", "CVE-2012-0761", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-11T14:26:13", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27690", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:VULN:12207"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802804", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:802398", "OPENVAS:1361412562310802805", "OPENVAS:802804", "OPENVAS:802805", "OPENVAS:802399", "OPENVAS:1361412562310802398", "OPENVAS:1361412562310802803"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0760", "CVE-2012-0766", "CVE-2012-0762", "CVE-2012-0759", "CVE-2012-0763", "CVE-2012-0757", "CVE-2012-0758", "CVE-2012-0764", "CVE-2012-0761"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0149-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1"]}], "modified": "2021-08-11T14:26:13", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-08-11T14:26:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "Upgrade to Adobe Shockwave 11.6.4.634 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2012-02-14T00:00:00", "vulnerabilityPublicationDate": "2012-02-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T14:26:13", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:DOC:27689"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802804", "OPENVAS:802398", "OPENVAS:802803", "OPENVAS:1361412562310802398", "OPENVAS:1361412562310802803", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802399"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0766", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0761", "CVE-2012-0757", "CVE-2012-0760", "CVE-2012-0764"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2021-08-19T12:59:01", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-08-19T12:59:01", "rev": 2}}, "objectVersion": "1.6", "pluginID": "57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "Upgrade to Adobe Shockwave 11.6.4.634 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2012-02-14T00:00:00", "vulnerabilityPublicationDate": "2012-02-14T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "1d9ca6b87994b588d21126ba4a2ccfb4", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.6.3.633 or earlier. It is, therefore, affected by multiple code execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2014-12-22T00:00:00", "modified": "2019-11-25T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0760", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0762"], "cvelist": ["CVE-2012-0757", "CVE-2012-0758", "CVE-2012-0759", "CVE-2012-0760", "CVE-2012-0761", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-19T12:47:35", "history": [{"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "667458f25ac2769956f11af379de09ecfdb901d11f3219fd508f27b9d08dac02", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.6.3.633 or earlier. It is, therefore, affected by multiple code execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2014-12-22T00:00:00", "modified": "2018-07-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80179", "reporter": "Tenable", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2018-09-01T23:54:20", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-01T23:54:20", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "a0c69c08b9aa261f543b2b813722c723e05f291fb889f3d4a6c8479c370f6416", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2014-12-22T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2020-08-01T03:22:03", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-08-01T03:22:03", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2020-08-01T03:22:03", "rev": 2, "value": 10.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T03:22:03", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "e6c73e4f5ed62f0920ccaa5f3d8b020bc2e39e0239837981cf59d186fbce41e9", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2014-12-22T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2020-09-04T03:29:03", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-09-04T03:29:03", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2020-09-04T03:29:03", "rev": 2, "value": 10.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T03:29:03", "differentElements": ["cvss2", "modified"], "edition": 3}, {"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "424e97a150014a4b5fbec8427e5023c70bba79de3ccdae11970996844f9c249e", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2014-12-22T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-07-29T01:16:48", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-07-29T01:16:48", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}], "rev": 2}, "score": {"modified": "2021-07-29T01:16:48", "rev": 2, "value": 10.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T01:16:48", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "f44abdb9944de4b24a143443798270d8", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "published": "2014-12-22T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-02.html"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-01T09:27:42", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2013-17.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:DOC:27689"]}, {"type": "openvas", "idList": ["OPENVAS:802398", "OPENVAS:1361412562310802399", "OPENVAS:802804", "OPENVAS:802399", "OPENVAS:1361412562310802398", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802803", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802805"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0760", "CVE-2012-0761", "CVE-2012-0759", "CVE-2012-0766", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0762"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1", "OPENSUSE-SU-2013:0131-1"]}], "modified": "2021-08-01T09:27:42", "rev": 2}, "score": {"value": 10.4, "vector": "NONE", "modified": "2021-08-01T09:27:42", "rev": 2}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T09:27:42", "differentElements": ["cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 5}, {"bulletin": {"id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "hash": "c768aaaccf80ed41f3af8b74353a4096", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.6.3.633 or earlier. It is, therefore, affected by multiple code execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.", "published": "2014-12-22T00:00:00", "modified": "2019-11-25T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/80179", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0760", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0764"], "cvelist": ["CVE-2012-0757", "CVE-2012-0758", "CVE-2012-0759", "CVE-2012-0760", "CVE-2012-0761", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0766"], "immutableFields": [], "lastseen": "2021-08-11T14:11:43", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27689"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-17.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:802399", "OPENVAS:802398", "OPENVAS:1361412562310802805", "OPENVAS:1361412562310802398", "OPENVAS:802803", "OPENVAS:802805", "OPENVAS:1361412562310802803", "OPENVAS:1361412562310802399"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0761", "CVE-2012-0758", "CVE-2012-0763", "CVE-2012-0760", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0764"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1", "OPENSUSE-SU-2014:1100-1"]}], "modified": "2021-08-11T14:11:43", "rev": 2}, "score": {"value": 10.4, "vector": "NONE", "modified": "2021-08-11T14:11:43", "rev": 2}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "Upgrade to Adobe Shockwave 11.6.4.634 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2012-0766", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2012-02-14T00:00:00", "vulnerabilityPublicationDate": "2012-02-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T14:11:43", "differentElements": ["nessusSeverity"], "edition": 6}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27687"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802398", "OPENVAS:1361412562310802804", "OPENVAS:802803", "OPENVAS:1361412562310802805", "OPENVAS:802399", "OPENVAS:1361412562310802399", "OPENVAS:802805", "OPENVAS:1361412562310802398", "OPENVAS:802804", "OPENVAS:1361412562310802803"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0761", "CVE-2012-0760", "CVE-2012-0766", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0759"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2021-08-19T12:47:35", "rev": 2}, "score": {"value": 10.4, "vector": "NONE", "modified": "2021-08-19T12:47:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:adobe:shockwave_player"], "solution": "Upgrade to Adobe Shockwave 11.6.4.634 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2012-0766", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2012-02-14T00:00:00", "vulnerabilityPublicationDate": "2012-02-14T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "OPENSUSE-2013-17.NASL", "hash": "157607bc7a7c0d9e6bfb060ec382613e", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://www.mozilla.org/en-US/security/advisories/"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-10-14T02:40:24", "history": [{"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "ff66c87d652abe6543afcec044faff6266c78df970eac2af5a8cd5e654519e21", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2014-09-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74918", "reporter": "Tenable", "references": ["http://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://www.mozilla.org/security/announce/", "http://www.mozilla.org/MPL/2.0/FAQ.html."], "cvelist": ["CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2018-09-02T00:06:53", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74918);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/09/03 15:02:31 $\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/MPL/2.0/FAQ.html.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-02T00:06:53", "differentElements": ["modified", "references", "sourceData"], "edition": 1}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "4456248c1df45fb391bcfdf4a4472fa5bb3126bf975531a2377e53c03b0f2d27", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74918", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://www.mozilla.org/security/announce/", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://www.mozilla.org/MPL/2.0/FAQ.html."], "cvelist": ["CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2018-11-13T17:09:09", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/MPL/2.0/FAQ.html.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-13T17:09:09", "differentElements": ["modified", "references", "sourceData"], "edition": 2}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "2c7bb5ef175549d869725e09b513d11d491cb9f2ef30d930784d779714f68e9a", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2018-11-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74918", "reporter": "Tenable", "references": ["https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/security/advisories/", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"], "cvelist": ["CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2019-02-21T01:21:29", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-02-21T01:21:29", "references": [{"idList": ["CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0759", "CVE-2013-0770"], "type": "cve"}, {"idList": ["MFSA2013-02"], "type": "mozilla"}, {"idList": ["SECURITYVULNS:VULN:12816"], "type": "securityvulns"}, {"idList": ["ELSA-2013-0144", "ELSA-2013-0145"], "type": "oraclelinux"}, {"idList": ["RHSA-2013:0144", "RHSA-2013:0145"], "type": "redhat"}, {"idList": ["USN-1681-3", "USN-1681-4", "USN-1681-1", "USN-1681-2"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0049-1", "SUSE-SU-2013:0306-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310841307", "OPENVAS:841289", "OPENVAS:850391", "OPENVAS:841272", "OPENVAS:1361412562310841289", "OPENVAS:841273", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310850391", "OPENVAS:841307"], "type": "openvas"}, {"idList": ["CESA-2013:0145", "CESA-2013:0144"], "type": "centos"}, {"idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"], "type": "freebsd"}, {"idList": ["MOZILLA_FIREFOX_180.NASL", "MOZILLA_FIREFOX_10012.NASL", "UBUNTU_USN-1681-1.NASL", "SEAMONKEY_215.NASL", "SUSE_SU-2013-0306-1.NASL", "MACOSX_FIREFOX_18_0.NASL", "MOZILLA_THUNDERBIRD_1702.NASL", "UBUNTU_USN-1681-4.NASL", "UBUNTU_USN-1681-2.NASL", "UBUNTU_USN-1681-3.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:21:29", "value": 10.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-02-21T01:21:29", "differentElements": ["cvelist", "cvss", "description", "href", "modified", "reporter"], "edition": 3}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "f877cffa20e107e3bfef68ac840acb823416672863b8d745d9b0a09bc1d791b8", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.", "published": "2014-06-13T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/security/advisories/", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"], "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2020-06-01T03:05:28", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-06-01T03:05:28", "references": [{"idList": ["MFSA2013-02"], "type": "mozilla"}, {"idList": ["SECURITYVULNS:VULN:12816"], "type": "securityvulns"}, {"idList": ["ELSA-2013-0144", "ELSA-2013-0145"], "type": "oraclelinux"}, {"idList": ["RHSA-2013:0144", "RHSA-2013:0145"], "type": "redhat"}, {"idList": ["USN-1681-3", "USN-1681-4", "USN-1681-1", "USN-1681-2"], "type": "ubuntu"}, {"idList": ["CVE-2013-0743", "CVE-2013-0766", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0757", "CVE-2013-0761", "CVE-2013-0756", "CVE-2013-0767", "CVE-2013-0759", "CVE-2013-0770"], "type": "cve"}, {"idList": ["SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0049-1", "SUSE-SU-2013:0306-1"], "type": "suse"}, {"idList": ["MOZILLA_FIREFOX_10012.NASL", "SUSE_SU-2013-0306-1.NASL", "MACOSX_FIREFOX_10_0_12.NASL", "SUSE_FIREFOX-201301-8426.NASL", "MACOSX_THUNDERBIRD_17_0_2.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "MACOSX_THUNDERBIRD_10_0_12.NASL", "MOZILLA_THUNDERBIRD_1702.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "MOZILLA_THUNDERBIRD_10012.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310841307", "OPENVAS:841289", "OPENVAS:850391", "OPENVAS:841272", "OPENVAS:1361412562310841289", "OPENVAS:841273", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310850391", "OPENVAS:841307"], "type": "openvas"}, {"idList": ["CESA-2013:0145", "CESA-2013:0144"], "type": "centos"}, {"idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-06-01T03:05:28", "rev": 2, "value": 10.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T03:05:28", "differentElements": ["cvss2", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "c16dbe0d6bcc9951153c7aaea6183934", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/security/advisories/", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"], "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2021-01-20T12:26:15", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-20T12:26:15", "references": [{"idList": ["MFSA2013-02"], "type": "mozilla"}, {"idList": ["SECURITYVULNS:VULN:12816"], "type": "securityvulns"}, {"idList": ["ELSA-2013-0144", "ELSA-2013-0145"], "type": "oraclelinux"}, {"idList": ["UB:CVE-2013-0756", "UB:CVE-2013-0761"], "type": "ubuntucve"}, {"idList": ["RHSA-2013:0144", "RHSA-2013:0145"], "type": "redhat"}, {"idList": ["USN-1681-3", "USN-1681-4", "USN-1681-1", "USN-1681-2"], "type": "ubuntu"}, {"idList": ["MOZILLA_FIREFOX_180.NASL", "UBUNTU_USN-1681-1.NASL", "SEAMONKEY_215.NASL", "SUSE_SU-2013-0306-1.NASL", "MACOSX_FIREFOX_18_0.NASL", "SUSE_FIREFOX-201301-8426.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "UBUNTU_USN-1681-2.NASL", "UBUNTU_USN-1681-3.NASL"], "type": "nessus"}, {"idList": ["CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0756"], "type": "cve"}, {"idList": ["SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0049-1", "SUSE-SU-2013:0306-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310841307", "OPENVAS:841289", "OPENVAS:850391", "OPENVAS:841272", "OPENVAS:1361412562310841289", "OPENVAS:841273", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310850391", "OPENVAS:841307"], "type": "openvas"}, {"idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"], "type": "metasploit"}, {"idList": ["CESA-2013:0145", "CESA-2013:0144"], "type": "centos"}, {"idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-20T12:26:15", "rev": 2, "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-20T12:26:15", "differentElements": ["cpe", "cvss2", "naslFamily", "sourceData"], "edition": 5}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "94dc602ca97c66c7800a3d43801225a04ab6a2fa01182b188664f7770f09534e", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/security/advisories/", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"], "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "immutableFields": [], "lastseen": "2021-01-20T12:26:15", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-20T12:26:15", "references": [{"idList": ["MFSA2013-02"], "type": "mozilla"}, {"idList": ["SECURITYVULNS:VULN:12816"], "type": "securityvulns"}, {"idList": ["ELSA-2013-0144", "ELSA-2013-0145"], "type": "oraclelinux"}, {"idList": ["UB:CVE-2013-0756", "UB:CVE-2013-0761"], "type": "ubuntucve"}, {"idList": ["RHSA-2013:0144", "RHSA-2013:0145"], "type": "redhat"}, {"idList": ["USN-1681-3", "USN-1681-4", "USN-1681-1", "USN-1681-2"], "type": "ubuntu"}, {"idList": ["MOZILLA_FIREFOX_180.NASL", "UBUNTU_USN-1681-1.NASL", "SEAMONKEY_215.NASL", "SUSE_SU-2013-0306-1.NASL", "MACOSX_FIREFOX_18_0.NASL", "SUSE_FIREFOX-201301-8426.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "UBUNTU_USN-1681-2.NASL", "UBUNTU_USN-1681-3.NASL"], "type": "nessus"}, {"idList": ["CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0756"], "type": "cve"}, {"idList": ["SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0049-1", "SUSE-SU-2013:0306-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310841307", "OPENVAS:841289", "OPENVAS:850391", "OPENVAS:841272", "OPENVAS:1361412562310841289", "OPENVAS:841273", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310850391", "OPENVAS:841307"], "type": "openvas"}, {"idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"], "type": "metasploit"}, {"idList": ["CESA-2013:0145", "CESA-2013:0144"], "type": "centos"}, {"idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-20T12:26:15", "rev": 2, "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "", "naslFamily": "", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-20T12:26:15", "differentElements": ["cpe", "cvelist", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "naslFamily", "patchPublicationDate", "references", "solution", "sourceData", "vpr"], "edition": 6}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "0c0c55e23d364ac7e0380c87b1224ee1", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-08-11T14:14:57", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-1681-1.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "UBUNTU_USN-1681-4.NASL", "UBUNTU_USN-1681-2.NASL", "6668.PRM", "UBUNTU_USN-1681-3.NASL", "SEAMONKEY_215.NASL", "SUSE_FIREFOX-201301-8426.NASL", "MACOSX_FIREFOX_18_0.NASL", "MOZILLA_FIREFOX_180.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310850391", "OPENVAS:841273", "OPENVAS:1361412562310841307", "OPENVAS:1361412562310841289", "OPENVAS:841272", "OPENVAS:1361412562310841272", "OPENVAS:850391", "OPENVAS:1361412562310841273", "OPENVAS:841289", "OPENVAS:841307"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0048-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0292-1", "SUSE-SU-2013:0049-1", "OPENSUSE-SU-2013:0149-1"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "ubuntu", "idList": ["USN-1681-4", "USN-1681-3", "USN-1681-1", "USN-1681-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0145", "ELSA-2013-0144"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "centos", "idList": ["CESA-2013:0144", "CESA-2013:0145"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0145/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0144/"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0768", "UB:CVE-2013-0761"]}, {"type": "cve", "idList": ["CVE-2012-0759", "CVE-2013-0768", "CVE-2013-0770", "CVE-2013-0761"]}], "modified": "2021-08-11T14:14:57", "rev": 2}, "score": {"value": 9.7, "vector": "NONE", "modified": "2021-08-11T14:14:57", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit: Firefox 17.0.1 Flash Privileged Code Injection"]}, "lastseen": "2021-08-11T14:14:57", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "6a473449ff2c888119fd18d3442a8ca4", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-08-14T00:24:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-1681-4.NASL", "6668.PRM", "UBUNTU_USN-1681-1.NASL", "MACOSX_FIREFOX_18_0.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "MOZILLA_FIREFOX_180.NASL", "UBUNTU_USN-1681-2.NASL", "SEAMONKEY_215.NASL", "UBUNTU_USN-1681-3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:841289", "OPENVAS:841273", "OPENVAS:1361412562310850391", "OPENVAS:1361412562310841307", "OPENVAS:841272", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310841289", "OPENVAS:1361412562310841273", "OPENVAS:850391", "OPENVAS:841307"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0292-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0048-1", "SUSE-SU-2013:0049-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "ubuntu", "idList": ["USN-1681-4", "USN-1681-2", "USN-1681-1", "USN-1681-3"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0144", "ELSA-2013-0145"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"]}, {"type": "centos", "idList": ["CESA-2013:0145", "CESA-2013:0144"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}, {"type": "cve", "idList": ["CVE-2013-0761"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0761"]}], "modified": "2021-08-14T00:24:10", "rev": 2}, "score": {"value": 9.7, "vector": "NONE", "modified": "2021-08-14T00:24:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit: Firefox 17.0.1 Flash Privileged Code Injection"]}, "lastseen": "2021-08-14T00:24:10", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 8}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "4f748c20d8303e4c2afe9e37e3cf83ce", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-08-19T12:50:01", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MOZILLA_FIREFOX_180.NASL", "UBUNTU_USN-1681-2.NASL", "UBUNTU_USN-1681-4.NASL", "SEAMONKEY_215.NASL", "UBUNTU_USN-1681-3.NASL", "6668.PRM", "MACOSX_FIREFOX_18_0.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "UBUNTU_USN-1681-1.NASL", "SUSE_FIREFOX-201301-8426.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841307", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310850391", "OPENVAS:841289", "OPENVAS:1361412562310841289", "OPENVAS:1361412562310841273", "OPENVAS:850391", "OPENVAS:841272", "OPENVAS:841273", "OPENVAS:841307"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0049-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0048-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "ubuntu", "idList": ["USN-1681-1", "USN-1681-4", "USN-1681-3", "USN-1681-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0145", "ELSA-2013-0144"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"]}, {"type": "centos", "idList": ["CESA-2013:0144", "CESA-2013:0145"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}], "modified": "2021-08-19T12:50:01", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-08-19T12:50:01", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"]}, "lastseen": "2021-08-19T12:50:01", "differentElements": ["vpr"], "edition": 9}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "28631a5fe3471b84da034aa293959156", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-09-01T02:36:20", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_FIREFOX-201301-8426.NASL", "MACOSX_FIREFOX_18_0.NASL", "SEAMONKEY_215.NASL", "6668.PRM", "UBUNTU_USN-1681-3.NASL", "UBUNTU_USN-1681-4.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "UBUNTU_USN-1681-2.NASL", "MOZILLA_FIREFOX_180.NASL", "UBUNTU_USN-1681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:841273", "OPENVAS:841289", "OPENVAS:841307", "OPENVAS:850391", "OPENVAS:1361412562310841272", "OPENVAS:841272", "OPENVAS:1361412562310841307", "OPENVAS:1361412562310850391", "OPENVAS:1361412562310841289", "OPENVAS:1361412562310841273"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0048-1", "SUSE-SU-2013:0306-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0049-1", "SUSE-SU-2013:0292-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "ubuntu", "idList": ["USN-1681-4", "USN-1681-1", "USN-1681-3", "USN-1681-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0144", "ELSA-2013-0145"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"]}, {"type": "centos", "idList": ["CESA-2013:0144", "CESA-2013:0145"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0761", "UB:CVE-2013-0756"]}, {"type": "cve", "idList": ["CVE-2013-0770", "CVE-2013-0756", "CVE-2012-0759", "CVE-2013-0761"]}], "modified": "2021-09-01T02:36:20", "rev": 2}, "score": {"value": 9.7, "vector": "NONE", "modified": "2021-09-01T02:36:20", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"]}, "lastseen": "2021-09-01T02:36:20", "differentElements": ["vpr"], "edition": 10}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "4f748c20d8303e4c2afe9e37e3cf83ce", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-09-05T01:20:12", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-1681-3.NASL", "6668.PRM", "UBUNTU_USN-1681-1.NASL", "UBUNTU_USN-1681-4.NASL", "SUSE_FIREFOX-201301-8426.NASL", "UBUNTU_USN-1681-2.NASL", "MACOSX_FIREFOX_18_0.NASL", "SEAMONKEY_215.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "MOZILLA_FIREFOX_180.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:841273", "OPENVAS:1361412562310841272", "OPENVAS:841307", "OPENVAS:841289", "OPENVAS:1361412562310850391", "OPENVAS:850391", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310841289", "OPENVAS:1361412562310841307", "OPENVAS:841272"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0048-1", "SUSE-SU-2013:0292-1", "SUSE-SU-2013:0049-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0306-1", "OPENSUSE-SU-2013:0131-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "ubuntu", "idList": ["USN-1681-3", "USN-1681-4", "USN-1681-2", "USN-1681-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0145", "ELSA-2013-0144"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"]}, {"type": "centos", "idList": ["CESA-2013:0144", "CESA-2013:0145"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0756", "UB:CVE-2013-0761"]}, {"type": "cve", "idList": ["CVE-2013-0756", "CVE-2012-0759", "CVE-2013-0768", "CVE-2013-0761"]}], "modified": "2021-09-05T01:20:12", "rev": 2}, "score": {"value": 9.7, "vector": "NONE", "modified": "2021-09-05T01:20:12", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"]}, "lastseen": "2021-09-05T01:20:12", "differentElements": ["vpr"], "edition": 11}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "28631a5fe3471b84da034aa293959156", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-09-07T02:15:56", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MOZILLA_THUNDERBIRD_1702.NASL", "MACOSX_THUNDERBIRD_10_0_12.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "SEAMONKEY_215.NASL", "MACOSX_FIREFOX_18_0.NASL", "ORACLELINUX_ELSA-2013-0145.NASL", "6669.PRM", "ORACLELINUX_ELSA-2013-0144.NASL", "801308.PRM", "MACOSX_THUNDERBIRD_17_0_2.NASL", "SL_20130108_THUNDERBIRD_ON_SL5_X.NASL", "REDHAT-RHSA-2013-0145.NASL", "801345.PRM", "SUSE_SU-2013-0306-1.NASL", "MACOSX_FIREFOX_17_0_2.NASL", "MOZILLA_FIREFOX_1701.NASL", "UBUNTU_USN-1681-2.NASL", "CENTOS_RHSA-2013-0144.NASL", "801376.PRM", "MACOSX_FIREFOX_17_0_1.NASL", "800108.PRM", "UBUNTU_USN-1681-3.NASL", "MOZILLA_FIREFOX_180.NASL", "6668.PRM", "REDHAT-RHSA-2013-0144.NASL", "MACOSX_FIREFOX_10_0_12.NASL", "MOZILLA_FIREFOX_1702.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "UBUNTU_USN-1681-1.NASL", "UBUNTU_USN-1681-4.NASL", "SL_20130108_FIREFOX_ON_SL5_X.NASL", "MOZILLA_FIREFOX_10012.NASL", "CENTOS_RHSA-2013-0145.NASL", "SUSE_FIREFOX-201301-8426.NASL", "MOZILLA_THUNDERBIRD_10012.NASL", "6670.PRM"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841289", "OPENVAS:1361412562310803205", "OPENVAS:803202", "OPENVAS:803200", "OPENVAS:1361412562310841273", "OPENVAS:841273", "OPENVAS:881577", "OPENVAS:881554", "OPENVAS:881565", "OPENVAS:1361412562310841307", "OPENVAS:1361412562310803099", "OPENVAS:870885", "OPENVAS:803201", "OPENVAS:881562", "OPENVAS:1361412562310803203", "OPENVAS:841272", "OPENVAS:1361412562310870885", "OPENVAS:850391", "OPENVAS:1361412562310881562", "OPENVAS:841289", "OPENVAS:803204", "OPENVAS:881555", "OPENVAS:803099", "OPENVAS:1361412562310881553", "OPENVAS:803098", "OPENVAS:841307", "OPENVAS:870881", "OPENVAS:1361412562310803200", "OPENVAS:1361412562310803201", "OPENVAS:1361412562310881577", "OPENVAS:1361412562310123765", "OPENVAS:1361412562310123766", "OPENVAS:1361412562310803204", "OPENVAS:1361412562310803098", "OPENVAS:1361412562310850391", "OPENVAS:803205", "OPENVAS:1361412562310870881", "OPENVAS:881553", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310881565", "OPENVAS:1361412562310881554", "OPENVAS:1361412562310881555"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0049-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0292-1", "SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0149-1", "OPENSUSE-SU-2013:0131-1"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "ubuntu", "idList": ["USN-1681-4", "USN-1681-2", "USN-1681-1", "USN-1681-3"]}, {"type": "centos", "idList": ["CESA-2013:0145", "CESA-2013:0144"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0145", "ELSA-2013-0144"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0145/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0144/"]}, {"type": "redhat", "idList": ["RHSA-2013:0145", "RHSA-2013:0144"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}], "modified": "2021-09-07T02:15:56", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-09-07T02:15:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"]}, "lastseen": "2021-09-07T02:15:56", "differentElements": ["vpr"], "edition": 12}, {"bulletin": {"id": "OPENSUSE-2013-17.NASL", "hash": "4f748c20d8303e4c2afe9e37e3cf83ce", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards\n\n - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.\n\nMozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by default\n\nPlease see http://www.mozilla.org/security/announce/ for more information.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74918", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769", "https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764", "https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763", "https://bugzilla.novell.com/show_bug.cgi?id=796628", "https://www.mozilla.org/en-US/security/advisories/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771"], "cvelist": ["CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771"], "immutableFields": [], "lastseen": "2021-10-06T05:04:50", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["6668.PRM", "MACOSX_FIREFOX_17_0_1.NASL", "MOZILLA_THUNDERBIRD_1702.NASL", "CENTOS_RHSA-2013-0144.NASL", "MOZILLA_THUNDERBIRD_10012.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "6669.PRM", "UBUNTU_USN-1681-1.NASL", "MACOSX_FIREFOX_10_0_12.NASL", "MOZILLA_FIREFOX_1701.NASL", "MOZILLA_FIREFOX_180.NASL", "6670.PRM", "REDHAT-RHSA-2013-0144.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "801376.PRM", "MACOSX_FIREFOX_17_0_2.NASL", "UBUNTU_USN-1681-2.NASL", "SEAMONKEY_215.NASL", "MOZILLA_FIREFOX_1702.NASL", "UBUNTU_USN-1681-3.NASL", "MACOSX_THUNDERBIRD_10_0_12.NASL", "REDHAT-RHSA-2013-0145.NASL", "CENTOS_RHSA-2013-0145.NASL", "MACOSX_FIREFOX_18_0.NASL", "ORACLELINUX_ELSA-2013-0145.NASL", "SL_20130108_THUNDERBIRD_ON_SL5_X.NASL", "801345.PRM", "ORACLELINUX_ELSA-2013-0144.NASL", "MOZILLA_FIREFOX_10012.NASL", "SUSE_FIREFOX-201301-8426.NASL", "MACOSX_THUNDERBIRD_17_0_2.NASL", "800108.PRM", "UBUNTU_USN-1681-4.NASL", "SL_20130108_FIREFOX_ON_SL5_X.NASL", "801308.PRM", "SUSE_SU-2013-0306-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870885", "OPENVAS:881553", "OPENVAS:1361412562310850391", "OPENVAS:881562", "OPENVAS:1361412562310803205", "OPENVAS:1361412562310841289", "OPENVAS:803201", "OPENVAS:1361412562310803099", "OPENVAS:1361412562310881553", "OPENVAS:1361412562310123766", "OPENVAS:850391", "OPENVAS:803205", "OPENVAS:841273", "OPENVAS:803200", "OPENVAS:1361412562310841272", "OPENVAS:881555", "OPENVAS:870881", "OPENVAS:881577", "OPENVAS:881565", "OPENVAS:1361412562310803200", "OPENVAS:1361412562310803204", "OPENVAS:1361412562310881562", "OPENVAS:1361412562310881554", "OPENVAS:841289", "OPENVAS:1361412562310841307", "OPENVAS:1361412562310841273", "OPENVAS:1361412562310123765", "OPENVAS:1361412562310881577", "OPENVAS:1361412562310803098", "OPENVAS:803099", "OPENVAS:803098", "OPENVAS:803202", "OPENVAS:1361412562310803201", "OPENVAS:1361412562310881565", "OPENVAS:1361412562310881555", "OPENVAS:841307", "OPENVAS:803204", "OPENVAS:870885", "OPENVAS:881554", "OPENVAS:1361412562310803203", "OPENVAS:841272", "OPENVAS:1361412562310870881"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0292-1", "SUSE-SU-2013:0048-1", "OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0049-1", "OPENSUSE-SU-2013:0149-1"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "ubuntu", "idList": ["USN-1681-3", "USN-1681-1", "USN-1681-2", "USN-1681-4"]}, {"type": "centos", "idList": ["CESA-2013:0145", "CESA-2013:0144"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0144", "ELSA-2013-0145"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0144/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0145/"]}, {"type": "redhat", "idList": ["RHSA-2013:0144", "RHSA-2013:0145"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}], "modified": "2021-10-06T05:04:50", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-10-06T05:04:50", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"]}, "lastseen": "2021-10-06T05:04:50", "differentElements": ["vpr"], "edition": 13}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MOZILLA_FIREFOX_1701.NASL", "SUSE_11_FIREFOX-201301-130110.NASL", "MOZILLA_FIREFOX_1702.NASL", "MACOSX_FIREFOX_10_0_12.NASL", "6669.PRM", "MOZILLA_FIREFOX_180.NASL", "CENTOS_RHSA-2013-0145.NASL", "MOZILLA_FIREFOX_10012.NASL", "6668.PRM", "SUSE_SU-2013-0306-1.NASL", "SUSE_FIREFOX-201301-8426.NASL", "UBUNTU_USN-1681-1.NASL", "MACOSX_FIREFOX_18_0.NASL", "800108.PRM", "UBUNTU_USN-1681-4.NASL", "ORACLELINUX_ELSA-2013-0145.NASL", "MACOSX_THUNDERBIRD_10_0_12.NASL", "REDHAT-RHSA-2013-0145.NASL", "CENTOS_RHSA-2013-0144.NASL", "FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL", "MACOSX_THUNDERBIRD_17_0_2.NASL", "801345.PRM", "SL_20130108_FIREFOX_ON_SL5_X.NASL", "MACOSX_FIREFOX_17_0_1.NASL", "MOZILLA_THUNDERBIRD_1702.NASL", "SEAMONKEY_215.NASL", "SL_20130108_THUNDERBIRD_ON_SL5_X.NASL", "UBUNTU_USN-1681-3.NASL", "ORACLELINUX_ELSA-2013-0144.NASL", "801376.PRM", "MACOSX_FIREFOX_17_0_2.NASL", "UBUNTU_USN-1681-2.NASL", "801308.PRM", "MOZILLA_THUNDERBIRD_10012.NASL", "REDHAT-RHSA-2013-0144.NASL", "6670.PRM"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881577", "OPENVAS:1361412562310803201", "OPENVAS:870885", "OPENVAS:881555", "OPENVAS:841272", "OPENVAS:1361412562310870885", "OPENVAS:1361412562310803200", "OPENVAS:803202", "OPENVAS:1361412562310881553", "OPENVAS:881554", "OPENVAS:1361412562310881562", "OPENVAS:1361412562310803203", "OPENVAS:803205", "OPENVAS:1361412562310841307", "OPENVAS:1361412562310803098", "OPENVAS:1361412562310123766", "OPENVAS:1361412562310841273", "OPENVAS:803098", "OPENVAS:1361412562310803204", "OPENVAS:803204", "OPENVAS:1361412562310850391", "OPENVAS:1361412562310881555", "OPENVAS:881565", "OPENVAS:841273", "OPENVAS:1361412562310803205", "OPENVAS:881562", "OPENVAS:1361412562310841272", "OPENVAS:1361412562310803099", "OPENVAS:803201", "OPENVAS:870881", "OPENVAS:841289", "OPENVAS:1361412562310841289", "OPENVAS:803099", "OPENVAS:1361412562310881554", "OPENVAS:1361412562310123765", "OPENVAS:803200", "OPENVAS:850391", "OPENVAS:1361412562310870881", "OPENVAS:881553", "OPENVAS:1361412562310881565", "OPENVAS:841307", "OPENVAS:881577"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0131-1", "SUSE-SU-2013:0292-1", "OPENSUSE-SU-2013:0149-1", "SUSE-SU-2013:0048-1", "SUSE-SU-2013:0306-1", "SUSE-SU-2013:0049-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12816"]}, {"type": "freebsd", "idList": ["A4ED6632-5AA9-11E2-8FCB-C8600054B392"]}, {"type": "ubuntu", "idList": ["USN-1681-1", "USN-1681-4", "USN-1681-2", "USN-1681-3"]}, {"type": "centos", "idList": ["CESA-2013:0145", "CESA-2013:0144"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0144", "ELSA-2013-0145"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2013-0145/", "MSF:ILITIES/LINUXRPM-RHSA-2013-0144/"]}, {"type": "redhat", "idList": ["RHSA-2013:0144", "RHSA-2013:0145"]}, {"type": "mozilla", "idList": ["MFSA2013-02"]}], "modified": "2021-10-14T02:40:24", "rev": 2}, "score": {"value": 10.0, "vector": "NONE", "modified": "2021-10-14T02:40:24", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "solution": "Update the affected firefox / seamonkey / thunderbird packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2013-01-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(Firefox 17.0.1 Flash Privileged Code Injection)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "openvas": [{"id": "OPENVAS:1361412562310802398", "hash": "bd927fa6ab3c64f4750c0a0560a703f1", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2019-05-29T18:38:35", "history": [{"bulletin": {"id": "OPENVAS:1361412562310802398", "hash": "3340198b25388492c561da20ed79640698bf6fac1f9ddbc67f3819ac1f6b406c", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2019-05-20T14:46:37", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-20T14:46:37", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310850391", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 8, "lastseen": "2019-05-20T14:46:37"}, {"bulletin": {"id": "OPENVAS:1361412562310802398", "hash": "7df62d5a36b58fbeecdc953f04d87f5aed7ac38927151e886efceaa283fbfe89", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-08-20T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-08-30T19:25:28", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 11058 2018-08-20 14:18:06Z asteins $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"$Revision: 11058 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-20 16:18:06 +0200 (Mon, 20 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:25:28"}, {"bulletin": {"id": "OPENVAS:1361412562310802398", "hash": "ab588df67738c9ca88bbfffd2bcfddf9462370e42517be4420e0f01d5554bdcc", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-04-06T11:20:19", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 9352 2018-04-06 07:13:02Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"$Revision: 9352 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2018-04-06T11:20:19"}, {"bulletin": {"id": "OPENVAS:1361412562310802398", "hash": "27a208a56b65286eb2d1c198cff604b4664bb28a338289ea105b90ca17ea156e", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-09-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-09-14T15:42:48", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 11357 2018-09-12 10:57:05Z asteins $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"$Revision: 11357 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-12 12:57:05 +0200 (Wed, 12 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-14T15:42:48"}, {"bulletin": {"id": "OPENVAS:1361412562310802398", "hash": "fe0c31792aaf3320f9fc380076094d5e50573eded181f85d7cc0d5855ab164fb", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-10-22T16:42:35", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-10-22T16:42:35", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["OPENVAS:802805", "OPENVAS:850391", "OPENVAS:802803", "OPENVAS:1361412562310802399", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2018-10-22T16:42:35"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802398", "OPENVAS:1361412562310802399", "OPENVAS:850391"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0771", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2019-05-29T18:38:35", "rev": 2}, "score": {"value": 9.6, "vector": "NONE", "modified": "2019-05-29T18:38:35", "rev": 2}}, "objectVersion": "1.4", "pluginID": "1361412562310802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"]}, {"id": "OPENVAS:802399", "hash": "9a1661bffadc1a39783c9abb459c23e0", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-02-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-02-23T15:40:49", "history": [{"lastseen": "2017-07-02T21:10:38", "bulletin": {"id": "OPENVAS:802399", "hash": "fee76b71a3cfe0ede0db626c9b4de045a17692894295f95761f3244b618053d4", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2017-04-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "lastseen": "2017-07-02T21:10:38", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 10.0, "modified": "2017-07-02T21:10:38"}}, "objectVersion": "1.4", "pluginID": "802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 5963 2017-04-18 09:02:14Z teissa $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802399);\n script_version(\"$Revision: 5963 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-18 11:02:14 +0200 (Tue, 18 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_require_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variables Initialization\nshockVer = NULL;\n\nshockVer = get_kb_item(\"Adobe/Shockwave/MacOSX/Version\");\nif(!shockVer){\n exit(0);\n}\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:shockVer, test_version:\"11.6.4.634\")){\n security_message(0);\n}\n", "naslFamily": "General"}, "differentElements": ["cvelist", "modified", "sourceData"], "edition": 1}], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-02-23T15:40:49", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:1361412562310802398", "OPENVAS:802804", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310850391", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802398", "OPENVAS:1361412562310802399"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0771", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2018-02-23T15:40:49", "rev": 2}}, "objectVersion": "1.4", "pluginID": "802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 8932 2018-02-23 08:01:57Z santu $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802399);\n script_version(\"$Revision: 8932 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-23 09:01:57 +0100 (Fri, 23 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n \n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"]}, {"id": "OPENVAS:1361412562310802399", "hash": "cd9da8ee555b8b041844fdda3324b48a", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2019-05-29T18:38:55", "history": [{"bulletin": {"id": "OPENVAS:1361412562310802399", "hash": "714df33d56c068e6d8e4560a7a49104e54b3a2594968aa233d5e1d673f543cfb", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2019-05-20T14:47:16", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-20T14:47:16", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:850391", "OPENVAS:802803", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2019-05-20T14:47:16"}, {"bulletin": {"id": "OPENVAS:1361412562310802399", "hash": "528dac7786239b667aef8dfe31e07c3e7fba9968dae8f1062a5967a3de7b3dfe", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-09-01T23:59:54", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 9352 2018-04-06 07:13:02Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"$Revision: 9352 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n \n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:59:54"}, {"bulletin": {"id": "OPENVAS:1361412562310802399", "hash": "fdc3a7528f77e1876a0fd6020b7b4cd6514ae36c833b37f2e8f2a19fbcd01182", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-10-22T16:43:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-10-22T16:43:11", "references": [{"idList": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0149-1"], "type": "suse"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27690", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2013-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "SHOCKWAVE_PLAYER_APSB12-02.NASL"], "type": "nessus"}, {"idList": ["SSV:30122"], "type": "seebug"}, {"idList": ["OPENVAS:1361412562310802398", "OPENVAS:802805", "OPENVAS:850391", "OPENVAS:802803", "OPENVAS:1361412562310802803", "OPENVAS:802399", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310802805", "OPENVAS:802398"], "type": "openvas"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-10-22T16:43:11"}, {"bulletin": {"id": "OPENVAS:1361412562310802399", "hash": "0725bdfc86df5c946126507c7ae598de868d1fc2b8126e7aa129da2c1080ac76", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-08-30T19:26:08", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 9352 2018-04-06 07:13:02Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"$Revision: 9352 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n \n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:26:08"}, {"bulletin": {"id": "OPENVAS:1361412562310802399", "hash": "8b73827772c63866b07c4b547c02ae69090d49aa5d16fb076cdf17eb9dd8764e", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://get.adobe.com/shockwave/otherversions/", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-10-12T12:46:10", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 11855 2018-10-12 07:34:51Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"$Revision: 11855 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:34:51 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2018-10-12T12:46:10"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:1361412562310802398", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310850391", "OPENVAS:802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802398"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0771", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2019-05-29T18:38:55", "rev": 2}, "score": {"value": 9.4, "vector": "NONE", "modified": "2019-05-29T18:38:55", "rev": 2}}, "objectVersion": "1.4", "pluginID": "1361412562310802399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"]}, {"id": "OPENVAS:802398", "hash": "d20a24ae1da27c545a499c4b6ff80e49", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2018-02-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "lastseen": "2018-02-23T15:43:14", "history": [{"lastseen": "2017-07-02T21:10:54", "differentElements": ["cvelist", "modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:802398", "hash": "2972d655c9d163d6166f71fd74299b89c807e84619e928273ad162d39d6cff2a", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "published": "2012-02-17T00:00:00", "modified": "2017-04-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802398", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/47932/", "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "http://www.securitytracker.com/id/1026675"], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "lastseen": "2017-07-02T21:10:54", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2017-07-02T21:10:54", "value": 10.0}}, "objectVersion": "1.4", "pluginID": "802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 6018 2017-04-24 09:02:24Z teissa $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802398);\n script_version(\"$Revision: 6018 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variables Initialization\nshockVer = NULL;\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:shockVer, test_version:\"11.6.4.634\")){\n security_message(0);\n}\n", "naslFamily": "General"}}], "viewCount": 2, "enchantments": {"score": {"value": 9.2, "vector": "NONE", "modified": "2018-02-23T15:43:14", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27690"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:1361412562310802398", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310850391", "OPENVAS:802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:1361412562310802399"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0771", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2018-02-23T15:43:14", "rev": 2}}, "objectVersion": "1.4", "pluginID": "802398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 8932 2018-02-23 08:01:57Z santu $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802398);\n script_version(\"$Revision: 8932 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-23 09:01:57 +0100 (Fri, 23 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"]}, {"id": "OPENVAS:802805", "hash": "ade2bbd1c6546000a0ed57df8dbebd78", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2017-07-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2017-07-19T10:50:19", "history": [{"lastseen": "2017-07-02T21:10:40", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:802805", "hash": "ff0c0d9a568539935dc282736377f47c949e587e74a23ed3b8e748cf814ffe0a", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2017-04-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2017-07-02T21:10:40", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\";\ntag_insight = \"The flaws are due to,\n - A memory corruption error in ActiveX control\n - A type confusion memory corruption error\n - An unspecified error related to MP4 parsing\n - Many unspecified erros which allows to bypass certain security\n restrictions\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802805);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_require_keys(\"Adobe/Flash/Player/MacOSX/Version\", \"ssh/login/uname\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nflashVer = NULL;\n\n#Get Adobe Flash Player Version\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message(0);\n}\n", "naslFamily": "General"}}], "viewCount": 2, "enchantments": {"score": {"value": 11.2, "vector": "NONE", "modified": "2017-07-19T10:50:19", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:850292", "OPENVAS:1361412562310802804", "OPENVAS:1361412562310850292", "OPENVAS:136141256231071165", "OPENVAS:71317", "OPENVAS:71165", "OPENVAS:1361412562310802805", "OPENVAS:802804", "OPENVAS:1361412562310802803", "OPENVAS:802803"]}, {"type": "seebug", "idList": ["SSV:30122", "SSV:72652", "SSV:30127"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0299-1", "SUSE-SU-2012:0280-1", "OPENSUSE-SU-2012:0265-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0144"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_11_1_102_62.NASL", "REDHAT-RHSA-2012-0144.NASL", "OPENSUSE-2012-98.NASL", "6804.PRM", "SUSE_11_4_FLASH-PLAYER-120216.NASL", "SUSE_FLASH-PLAYER-7982.NASL", "FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL", "MACOSX_ADOBE_READER_APSB12-08.NASL", "SUSE_11_FLASH-PLAYER-120216.NASL", "FLASH_PLAYER_APSB12-03.NASL"]}, {"type": "cve", "idList": ["CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0756", "CVE-2012-0767", "CVE-2012-0753", "CVE-2012-0754"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0767", "UB:CVE-2012-0752", "UB:CVE-2012-0754", "UB:CVE-2012-0753", "UB:CVE-2012-0756"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28140", "SECURITYVULNS:DOC:27688", "SECURITYVULNS:DOC:27687", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:VULN:12208"]}, {"type": "freebsd", "idList": ["F63BF080-619D-11E1-91AF-003067B2972C"]}, {"type": "threatpost", "idList": ["THREATPOST:CCE9EBF5B99C6E51775FBFE56555414D", "THREATPOST:A681E28F5715293A8048074FD1795ADD", "THREATPOST:D17217FC687A5798310BB8A4976EF252", "THREATPOST:B5C592F42525CA35F23F8179FC0E60B7", "THREATPOST:BD2F67E24A249342BCF7347DF7935828"]}, {"type": "symantec", "idList": ["SMNTC-52034"]}, {"type": "gentoo", "idList": ["GLSA-201204-07"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_MP4_CPRT"]}, {"type": "exploitdb", "idList": ["EDB-ID:18572"]}, {"type": "saint", "idList": ["SAINT:45F73D67C89B09D378D3607F06A1657B", "SAINT:C93DC6DF137307868C38645D758E578E", "SAINT:82F50062D6E1368900D998FC42FC8FC7"]}, {"type": "zdi", "idList": ["ZDI-12-080", "ZDI-12-047"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:110559"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_MP4_CPRT"]}, {"type": "securelist", "idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"]}], "modified": "2017-07-19T10:50:19", "rev": 2}}, "objectVersion": "1.5", "pluginID": "802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\";\ntag_insight = \"The flaws are due to,\n - A memory corruption error in ActiveX control\n - A type confusion memory corruption error\n - An unspecified error related to MP4 parsing\n - Many unspecified erros which allows to bypass certain security\n restrictions\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802805);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nflashVer = NULL;\n\n#Get Adobe Flash Player Version\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message(0);\n}\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310802805", "hash": "d5db493bc4b0edfe411a44f2582d8f6a", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2019-09-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2019-09-23T15:14:40", "history": [{"bulletin": {"id": "OPENVAS:1361412562310802805", "hash": "7dacf5c8545cb926ac4fa9c7feb18476c9e4ea2af898bdeb61aa1bb493bfca8c", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2018-04-06T11:18:02", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 9352 2018-04-06 07:13:02Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\";\ntag_insight = \"The flaws are due to,\n - A memory corruption error in ActiveX control\n - A type confusion memory corruption error\n - An unspecified error related to MP4 parsing\n - Many unspecified erros which allows to bypass certain security\n restrictions\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802805\");\n script_version(\"$Revision: 9352 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nflashVer = NULL;\n\n#Get Adobe Flash Player Version\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message(0);\n}\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:18:02"}, {"bulletin": {"id": "OPENVAS:1361412562310802805", "hash": "4cbfbfa1c16d733ba86882139bebe78c6897f1951b45915c7d52d9af8c06c636", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033", "http://www.adobe.com/downloads/"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2019-05-29T18:39:04", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:39:04", "references": [{"idList": ["EDB-ID:18572"], "type": "exploitdb"}, {"idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"], "type": "securelist"}, {"idList": ["F63BF080-619D-11E1-91AF-003067B2972C"], "type": "freebsd"}, {"idList": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "type": "cve"}, {"idList": ["OPENVAS:71165", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310850292", "OPENVAS:136141256231071317", "OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:136141256231071165", "OPENVAS:850292"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2012:0265-1", "SUSE-SU-2012:0280-1", "SUSE-SU-2012:0299-1"], "type": "suse"}, {"idList": ["ZDI-12-080", "ZDI-12-047"], "type": "zdi"}, {"idList": ["GLSA-201204-07"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27688", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:28140", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["SMNTC-52034"], "type": "symantec"}, {"idList": ["ADOBE_FLASH_MP4_CPRT"], "type": "canvas"}, {"idList": ["SSV:72652", "SSV:30122", "SSV:30127"], "type": "seebug"}, {"idList": ["RHSA-2012:0144"], "type": "redhat"}, {"idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_MP4_CPRT"], "type": "metasploit"}, {"idList": ["THREATPOST:CCE9EBF5B99C6E51775FBFE56555414D", "THREATPOST:D17217FC687A5798310BB8A4976EF252", "THREATPOST:A681E28F5715293A8048074FD1795ADD", "THREATPOST:BD2F67E24A249342BCF7347DF7935828", "THREATPOST:B5C592F42525CA35F23F8179FC0E60B7"], "type": "threatpost"}, {"idList": ["SAINT:45F73D67C89B09D378D3607F06A1657B", "SAINT:82F50062D6E1368900D998FC42FC8FC7", "SAINT:C93DC6DF137307868C38645D758E578E"], "type": "saint"}, {"idList": ["PACKETSTORM:110559"], "type": "packetstorm"}, {"idList": ["FLASH_PLAYER_APSB12-03.NASL", "FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL", "GENTOO_GLSA-201204-07.NASL", "SUSE_FLASH-PLAYER-7982.NASL", "OPENSUSE-2012-98.NASL", "MACOSX_FLASH_PLAYER_11_1_102_62.NASL", "MACOSX_ADOBE_READER_APSB12-08.NASL", "REDHAT-RHSA-2012-0144.NASL", "SUSE_11_4_FLASH-PLAYER-120216.NASL", "SUSE_11_FLASH-PLAYER-120216.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-05-29T18:39:04", "value": 11.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802805\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n .\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A memory corruption error in ActiveX control\n\n - A type confusion memory corruption error\n\n - An unspecified error related to MP4 parsing\n\n - Many unspecified erros which allows to bypass certain security\n restrictions\n\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "General"}, "differentElements": ["references", "modified", "sourceData"], "edition": 8, "lastseen": "2019-05-29T18:39:04"}, {"bulletin": {"id": "OPENVAS:1361412562310802805", "hash": "06853b74f8015c2d118a3c8fa40fb1d25b8d6d20b9d384e5effa5db1b701c015", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033", "http://www.adobe.com/downloads/"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2018-10-12T12:46:34", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 11855 2018-10-12 07:34:51Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802805\");\n script_version(\"$Revision: 11855 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:34:51 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n .\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A memory corruption error in ActiveX control\n\n - A type confusion memory corruption error\n\n - An unspecified error related to MP4 parsing\n\n - Many unspecified erros which allows to bypass certain security\n restrictions\n\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "General"}, "differentElements": ["sourceData"], "edition": 6, "lastseen": "2018-10-12T12:46:34"}, {"bulletin": {"id": "OPENVAS:1361412562310802805", "hash": "5d0a05511fa6333988f34e158dd6af4443bdd0037aab620bbda1f458ed9f2af7", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "published": "2012-02-22T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "reporter": "Copyright (C) 2012 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-03.html", "http://securitytracker.com/id/1026694", "http://www.securelist.com/en/advisories/48033", "http://secunia.com/advisories/48033", "http://www.adobe.com/downloads/"], "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "lastseen": "2018-10-22T16:43:29", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2018-10-22T16:43:29", "references": [{"idList": ["EDB-ID:18572"], "type": "exploitdb"}, {"idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"], "type": "securelist"}, {"idList": ["F63BF080-619D-11E1-91AF-003067B2972C"], "type": "freebsd"}, {"idList": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "type": "cve"}, {"idList": ["OPENVAS:71165", "OPENVAS:802805", "OPENVAS:802803", "OPENVAS:1361412562310850292", "OPENVAS:136141256231071317", "OPENVAS:1361412562310802803", "OPENVAS:802804", "OPENVAS:1361412562310802804", "OPENVAS:136141256231071165", "OPENVAS:850292"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2012:0265-1", "SUSE-SU-2012:0280-1", "SUSE-SU-2012:0299-1"], "type": "suse"}, {"idList": ["ZDI-12-080", "ZDI-12-047"], "type": "zdi"}, {"idList": ["GLSA-201204-07"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:27687", "SECURITYVULNS:DOC:27688", "SECURITYVULNS:VULN:12208", "SECURITYVULNS:DOC:28140", "SECURITYVULNS:VULN:12207"], "type": "securityvulns"}, {"idList": ["SMNTC-52034"], "type": "symantec"}, {"idList": ["ADOBE_FLASH_MP4_CPRT"], "type": "canvas"}, {"idList": ["SSV:72652", "SSV:30122", "SSV:30127"], "type": "seebug"}, {"idList": ["RHSA-2012:0144"], "type": "redhat"}, {"idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_MP4_CPRT"], "type": "metasploit"}, {"idList": ["THREATPOST:CCE9EBF5B99C6E51775FBFE56555414D", "THREATPOST:D17217FC687A5798310BB8A4976EF252", "THREATPOST:A681E28F5715293A8048074FD1795ADD", "THREATPOST:BD2F67E24A249342BCF7347DF7935828", "THREATPOST:B5C592F42525CA35F23F8179FC0E60B7"], "type": "threatpost"}, {"idList": ["SAINT:45F73D67C89B09D378D3607F06A1657B", "SAINT:82F50062D6E1368900D998FC42FC8FC7", "SAINT:C93DC6DF137307868C38645D758E578E"], "type": "saint"}, {"idList": ["PACKETSTORM:110559"], "type": "packetstorm"}, {"idList": ["FLASH_PLAYER_APSB12-03.NASL", "FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL", "GENTOO_GLSA-201204-07.NASL", "SUSE_FLASH-PLAYER-7982.NASL", "OPENSUSE-2012-98.NASL", "MACOSX_FLASH_PLAYER_11_1_102_62.NASL", "MACOSX_ADOBE_READER_APSB12-08.NASL", "REDHAT-RHSA-2012-0144.NASL", "SUSE_11_4_FLASH-PLAYER-120216.NASL", "SUSE_11_FLASH-PLAYER-120216.NASL"], "type": "nessus"}]}, "score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310802805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802805\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n .\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A memory corruption error in ActiveX control\n\n - A type confusion memory corruption error\n\n - An unspecified error related to MP4 parsing\n\n - Many unspecified erros which allows to bypass certain security\n restrictions\n\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads/\");\
