{"openvas": [{"lastseen": "2017-07-25T10:56:31", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880139", "id": "OPENVAS:880139", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\");\n script_id(880139);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880265", "id": "OPENVAS:880265", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\");\n script_id(880265);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:12", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880241", "id": "OPENVAS:880241", "title": "CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\");\n script_id(880241);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:53", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880139", "id": "OPENVAS:1361412562310880139", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880139\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:57", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870142", "id": "OPENVAS:1361412562310870142", "title": "RedHat Update for seamonkey RHSA-2008:0882-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870142\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0882-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:43", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880241", "id": "OPENVAS:1361412562310880241", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880241\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:15", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880265", "id": "OPENVAS:1361412562310880265", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880265\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:32", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870142", "id": "OPENVAS:870142", "title": "RedHat Update for seamonkey RHSA-2008:0882-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html\");\n script_id(870142);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0882-01\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:47", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860002", "id": "OPENVAS:860002", "title": "Fedora Update for seamonkey FEDORA-2008-8401", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-8401\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 8\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html\");\n script_id(860002);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8401\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-3835\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-3837\", \"CVE-2008-4065\", \"CVE-2008-4066\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-8401\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.12~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:36", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860814", "id": "OPENVAS:860814", "title": "Fedora Update for seamonkey FEDORA-2008-8429", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-8429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 9\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html\");\n script_id(860814);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8429\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-3835\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-3837\", \"CVE-2008-4065\", \"CVE-2008-4066\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-8429\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.12~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:07", "bulletinFamily": "scanner", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)", "modified": "2019-01-07T00:00:00", "id": "SL_20080923_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60476", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60476);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0809&L=scientific-linux-errata&T=0&P=922\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40fff54c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-26.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0882 :\n\nUpdated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67745", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0882 and \n# Oracle Linux Security Advisory ELSA-2008-0882 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67745);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0882 :\n\nUpdated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000740.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.24.0.1.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-26.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:12", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34278", "published": "2008-09-25T00:00:00", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0882)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0882 and \n# CentOS Errata and Security Advisory 2008:0882 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34278);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015264.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31101376\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7cb4e54\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd27c1d8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2478c61e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015275.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af977e1a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-September/015276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa184370\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-26.el4.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:13", "bulletinFamily": "scanner", "description": "Updated seamonkey packages that fix several security issues are now available for Fedora 8 and Fedora 9. This update has been rated as having critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to these updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2008-8401.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34307", "published": "2008-09-29T00:00:00", "title": "Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8401.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34307);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:54 $\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8401\");\n\n script_name(english:\"Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bafd2623\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"seamonkey-1.1.12-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:12", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34275", "published": "2008-09-24T00:00:00", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0882)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0882. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34275);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0882)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0882\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0882\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-26.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:13", "bulletinFamily": "scanner", "description": "Updated seamonkey packages that fix several security issues are now available for Fedora 8 and Fedora 9. This update has been rated as having critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to these updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2008-8429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34309", "published": "2008-09-29T00:00:00", "title": "Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8429.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34309);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:54 $\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8429\");\n\n script_name(english:\"Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cec37da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"seamonkey-1.1.12-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0908 :\n\nUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which resolve these issues.", "modified": "2018-08-13T00:00:00", "id": "ORACLELINUX_ELSA-2008-0908.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67754", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : thunderbird (ELSA-2008-0908)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0908 and \n# Oracle Linux Security Advisory ELSA-2008-0908 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67754);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"RHSA\", value:\"2008:0908\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2008-0908)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0908 :\n\nUpdated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000748.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"thunderbird-1.5.0.12-16.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:45", "bulletinFamily": "scanner", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17 (CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070).\n\nThis update provides the latest Thunderbird to correct these issues.", "modified": "2018-11-15T00:00:00", "id": "MANDRIVA_MDVSA-2008-206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37308", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:206. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37308);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"MDVSA\", value:\"2008:206\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Thunderbird program, version 2.0.0.17\n(CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059,\nCVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065,\nCVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070).\n\nThis update provides the latest Thunderbird to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-41.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-44.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-moztraybiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-af-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-be-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-bg-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ca-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-cs-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-da-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-de-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-devel-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-el-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-en_GB-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-es_AR-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-es_ES-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-et_EE-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-eu-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-fi-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-fr-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-gu_IN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-he-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-hu-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-it-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ja-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ko-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-lt-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-mk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-moztraybiff-1.2.3-4.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nb_NO-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nn_NO-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pa_IN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pt_BR-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pt_PT-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ru-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sv_SE-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-tr-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-uk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-zh_CN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-zh_TW-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nsinstall-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-af-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-be-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-bg-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ca-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-cs-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-da-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-de-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-devel-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-el-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-en_GB-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-es_AR-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-es_ES-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-et_EE-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-eu-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-fi-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-fr-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-gu_IN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-he-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-hu-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-it-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ja-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ko-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-lt-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-mk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-moztraybiff-1.2.3-4.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nb_NO-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nn_NO-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pa_IN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pt_BR-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pt_PT-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ru-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sv_SE-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-tr-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-uk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-zh_CN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-zh_TW-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"nsinstall-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:14", "bulletinFamily": "scanner", "description": "Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which resolve these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0908.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34339", "published": "2008-10-06T00:00:00", "title": "CentOS 4 / 5 : thunderbird (CESA-2008:0908)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0908 and \n# CentOS Errata and Security Advisory 2008:0908 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34339);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"RHSA\", value:\"2008:0908\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2008:0908)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015292.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a50373c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015293.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adb9376e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?389dd2b8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015296.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?427fc51b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95234f67\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"thunderbird-1.5.0.12-16.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-2.0.0.17-1.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:07", "bulletinFamily": "scanner", "description": "Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nNote2: On SL4 this updates fixes the bug that when a URL link is clicked, firefox wouldn't start. Firefox now starts when a URL link is clicked.", "modified": "2019-01-07T00:00:00", "id": "SL_20081001_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60478", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60478);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nNote2: On SL4 this updates fixes the bug that when a URL link is\nclicked, firefox wouldn't start. Firefox now starts when a URL link is\nclicked.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0810&L=scientific-linux-errata&T=0&P=516\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91fa9c68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-16.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-2.0.0.17-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0882-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-09-24T23:08:13", "published": "2008-09-24T23:08:13", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html", "id": "CESA-2008:0882-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0882\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015264.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015265.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015275.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015276.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015278.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015279.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0882.html", "modified": "2008-09-27T11:03:41", "published": "2008-09-24T14:22:25", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015264.html", "id": "CESA-2008:0882", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0908\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content could\npotentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious JavaScript\nto bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above\nissue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled\nnewsgroup messages. If the user cancels a specially crafted newsgroup\nmessage it could cause Thunderbird to crash or, potentially, execute\narbitrary code as the user running Thunderbird. (CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015292.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015293.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015295.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015296.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015307.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015308.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0908.html", "modified": "2008-10-06T15:44:07", "published": "2008-10-03T18:55:22", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/015292.html", "id": "CESA-2008:0908", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:05", "bulletinFamily": "unix", "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n", "modified": "2018-03-14T19:28:05", "published": "2008-09-23T04:00:00", "id": "RHSA-2008:0882", "href": "https://access.redhat.com/errata/RHSA-2008:0882", "type": "redhat", "title": "(RHSA-2008:0882) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:08", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content could\npotentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious JavaScript\nto bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above\nissue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled\nnewsgroup messages. If the user cancels a specially crafted newsgroup\nmessage it could cause Thunderbird to crash or, potentially, execute\narbitrary code as the user running Thunderbird. (CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.", "modified": "2017-09-08T12:08:38", "published": "2008-10-01T04:00:00", "id": "RHSA-2008:0908", "href": "https://access.redhat.com/errata/RHSA-2008:0908", "type": "redhat", "title": "(RHSA-2008:0908) Moderate: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:51", "bulletinFamily": "unix", "description": "devhelp:\n[0.10-0.10.el4]\n- Rebuild against newer gecko\nseamonkey:\n[1.0.9-26.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html.\n- Removed corresponding ones of Red Hat.\n[1.0.9-26.el4]\n- Add missing patches from 1.8.1.17\n[1.0.9-25.el4]\n- Add patches for backported fixes from 1.8.1.17", "modified": "2008-09-24T00:00:00", "published": "2008-09-24T00:00:00", "id": "ELSA-2008-0882", "href": "http://linux.oracle.com/errata/ELSA-2008-0882.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:15", "bulletinFamily": "unix", "description": "[1.5.0.12-16.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n[1.5.0.12-16]\n- Update patchset to fix regression as per 1.8.1.17\n[1.5.0.12-15]\n- Rebuild with system nss and nspr\n[1.5.0.12-14]\n- Add patches for backported fixes from 1.8.1.16\n[1.5.0.12-13]\n- Respun for mozilla bugs #439035,#439735,#440308\n[1.5.0.12-12]\n- Update patchset to fix regression as per 1.8.1.15", "modified": "2008-10-01T00:00:00", "published": "2008-10-01T00:00:00", "id": "ELSA-2008-0908", "href": "http://linux.oracle.com/errata/ELSA-2008-0908.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:36", "bulletinFamily": "unix", "description": "devhelp:\n[0.12-19]\n- Rebuild against xulrunner\nfirefox:\n[3.0.2-3.0.1.el5]\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n- Removed the corresponding files of Red Hat.\n- Added patch oracle-firefox-branding.patch\n- Update firstrun URL\n[3.0.2-3]\n- Update to Firefox 3.0.2 build 6\n[3.0.2-2]\n- Update to Firefox 3.0.2 build 4\n[3.0.2-1]\n- Update to Firefox 3.0.2\n[3.0.1-2]\n- Fixed #447535 - RHEL 5.2 beta / upstream Firefox 3 beta 5\n autoConfig broken\n- Fixed #445304 - HTML/index.html always redirects to en-US/index.html\n parallel compiles and -debuginfo packages\nnss:\n[3.12.1.1-1]\n- Update to NSS_3_12_1_RC2\n[3.12.1.0-1]\n- Update to NSS_3_12_1_RC1\nxulrunner:\n[1.9.0.2-5.0.1]\n- Added xulrunner-oracle-default-prefs.js\n- Remove its corresponding of Red Hat.\n[1.9.0.2-5]\n- Update to 1.9.0.2 build 6\n[1.9.0.2-4]\n- Fixed firefox dependency (#445391)\n[1.9.0.2-3]\n- Update to 1.9.0.2 build 4\n[1.9.0.2-2]\n- Fixed gecko version\n[1.9.0.2-1]\n- Update to 1.9.0.2\n[1.9.0.1-2]\n- Updated provided gecko version\nyelp:\n[2.16.0-21]\n- rebuild against xulrunner", "modified": "2008-09-24T00:00:00", "published": "2008-09-24T00:00:00", "id": "ELSA-2008-0879", "href": "http://linux.oracle.com/errata/ELSA-2008-0879.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:48", "bulletinFamily": "unix", "description": "It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the browser engine of Thunderbird. If a user had JavaScript enabled, this could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Thunderbird. If a user had JavaScript enabled and were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks if a user had JavaScript enabled. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Thunderbird. If a user had JavaScript enabled and were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nGeorgi Guninski discovered that Thunderbird improperly handled cancelled newsgroup messages. If a user opened a crafted newsgroup message, an attacker could cause a buffer overrun and potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4070)", "modified": "2008-09-26T00:00:00", "published": "2008-09-26T00:00:00", "id": "USN-647-1", "href": "https://usn.ubuntu.com/647-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:41", "bulletinFamily": "unix", "description": "USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS.\n\nOriginal advisory details:\n\nJustin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "modified": "2008-09-24T00:00:00", "published": "2008-09-24T00:00:00", "id": "USN-645-2", "href": "https://usn.ubuntu.com/645-2/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:13", "bulletinFamily": "unix", "description": "Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "modified": "2008-09-24T00:00:00", "published": "2008-09-24T00:00:00", "id": "USN-645-1", "href": "https://usn.ubuntu.com/645-1/", "title": "Firefox and xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:21", "bulletinFamily": "unix", "description": "USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJustin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "modified": "2008-09-25T00:00:00", "published": "2008-09-25T00:00:00", "id": "USN-645-3", "href": "https://usn.ubuntu.com/645-3/", "title": "Firefox and xulrunner regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:06:50", "bulletinFamily": "unix", "description": "The Mozilla suite of programs was updated to fix various security problems and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2008-10-08T17:24:56", "published": "2008-10-08T17:24:56", "id": "SUSE-SA:2008:050", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:52", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1649-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 08, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:\n \nCVE-2008-0016\n\n Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.\n\nCVE-2008-3835\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could by bypassed.\n\nCVE-2008-3836\n\n "moz_bug_r_a4" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.\n\nCVE-2008-3837\n\n Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop.\n\nCVE-2008-4058\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4059\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4060\n\n Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege\n escalation vulnerability in XSLT handling.\n\nCVE-2008-4061\n\n Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-4062\n\n Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code.\n\nCVE-2008-4065\n\n Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n\nCVE-2008-4066\n\n Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.\n\nCVE-2008-4067\n\n Boris Zbarsky discovered that resource: URls allow directory\n traversal when using URL-encoded slashes.\n\nCVE-2008-4068\n\n Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.\n\nCVE-2008-4069\n\n Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.17-0etch1. Packages for hppa will be provided later.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.0.3 of iceweasel and 1.9.0.3-1 of xulrunner.\n\nWe recommend that you upgrade your iceweasel package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17.orig.tar.gz\n Size/MD5 checksum: 47264462 caa85228cc0f4d309e85d6991cb95305\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.dsc\n Size/MD5 checksum: 1289 84dfa301f786f84a1d64baf4ed3db782\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.diff.gz\n Size/MD5 checksum: 186694 8e6e9a55fde52af390122189070fca57\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54634 b2fd3414c31cebfcf9a1433dcc1d2e93\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54530 fc5fb66d2eaf4027d945dd0a28b2d846\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54384 21762949b8e2fd39ac79476fa24b03d1\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54384 9df9c09b5351c290fee72c24b47a331d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 239720 644c28cc69b5ffa408b0c57b92152ec3\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 55170 5d191251cab8743fdd8537c757e39abc\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54494 bf8060f4a48856e3221988210417ebd6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 11578586 a8c71f32151faca4674a1a09e3b66545\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 51173558 6361a1e6926eb32d5ede6c74671d86f1\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 90252 569480998f4eac60ba8c0f6e62cb275e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 87924 70015d9a4e458e26ff6b65a2674ff56a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 10206146 ec62c84f919bda242b9d65390d9143be\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 50165526 8b083d926eb7e6da63c0be882af1642f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 49257448 89f6c8c0b51255038eee5d13416fcadb\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 81618 59dba0eee92b991d069f883c19680d75\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 9256358 4fd0774c50d76457152d406ed19ea367\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 49570130 6a6b0cb233e73d4baef8ddbd33029b98\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 82056 91a67db26a7c51ae185d39dedaaf94cb\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 9122164 5b4e1dfeb171be9542572fc9e490b818\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 14156490 2607bd2156b38eebeb2ecdde49acea53\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 100252 1e28dda1215d01e2cfe35403a52a0fcc\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 50513628 0db2edd5ef28c04f8c1d5331e92e100d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 11063822 d78bb2a163ec303a618ea88e005f0116\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 83196 ef3e17948ca57bebb18890d5ce89e0f8\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 53969964 f42e61e36c60c76b24e1bf34600479da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 83224 be3cb4e303ad8544dd274447451228c6\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 10761380 077af6ef650d85ed023acb5d936318c3\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 52518328 de36b16feb4052325ed975d9d75a6625\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 9937490 9ef7bdd022ec317efaefbfcd5e0b0aa0\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 51973444 ee5cb6165d1cda06c158df93f393b833\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 83786 56ad8684dc229e605f7285e48bb10389\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 10366602 06f0cc6f4fab228756f7b088eee305d3\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 50839114 fa42c55974b0beece5184341e5ca4340\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 88198 6ebd745cc96c2c6c80cb7f2987138364\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 49179416 00c2781b99157e0f0970b01d1d2e70ed\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 82000 e74866cfbd6a70b1e7e7b5eb737dc8a8\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 9199076 95cacd55b0dc6415d62f30394517048a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-10-08T20:16:14", "published": "2008-10-08T20:16:14", "id": "DEBIAN:DSA-1649-1:279A7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00240.html", "title": "[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:29:54", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 31346\r\nCVE ID: CVE-2008-3837\r\n CVE-2008-4058\r\n CVE-2008-4059\r\n CVE-2008-4060\r\n CVE-2008-4061\r\n CVE-2008-4062\r\n CVE-2008-4063\r\n CVE-2008-4064\r\n CVE-2008-4065\r\n CVE-2008-4066\r\n CVE-2008-4067\r\n CVE-2008-4068\r\n CVE-2008-4069\r\n CVE-2008-3836\r\n CVE-2008-3835\r\n CVE-2008-0016\r\nCNCVE ID\uff1aCNCVE-20083837\r\n CNCVE-20084058\r\n CNCVE-20084059\r\n CNCVE-20084060\r\n CNCVE-20084061\r\n CNCVE-20084062\r\n CNCVE-20084063\r\n CNCVE-20084064\r\n CNCVE-20084065\r\n CNCVE-20084066\r\n CNCVE-20084067\r\n CNCVE-20084068\r\n CNCVE-20084069\r\n CNCVE-20083836\r\n CNCVE-20083835\r\n CNCVE-20080016\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u662f\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u4ea7\u54c1\u5957\u4ef6\u3002\r\nMozilla Firefox/SeaMonkey/Thunderbird\u5b58\u5728\u591a\u4e2a\u95ee\u9898\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u4efb\u610f\u4ee3\u7801\u6267\u884c\uff0c\u83b7\u5f97\u654f\u611f\u4fe1\u606f\uff0c\u62d2\u7edd\u670d\u52a1\uff0c\u8de8\u57df\u6267\u884c\u811a\u672c\u7b49\u653b\u51fb\u3002\r\n-IBM X-Force\u7684Justin Schuh\u548cTom Cross\u53caIBM Watson Labs\u7684Peter Williams\u62a5\u544aMozilla URL\u89e3\u6790\u51fd\u6570\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u8fd9\u4e9b\u9519\u8bef\u53ef\u901a\u8fc7\u8d85\u7ea7\u94fe\u63a5\u4e2d\u4f7f\u7528\u7279\u6b8a\u6784\u5efa\u7684UTF-8 URL\u6765\u89e6\u53d1\uff0c\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u62a5\u544ansXMLDocument::OnChannelRedirect()\u4e2d\u7684\u540c\u57df\u68c0\u67e5\u53ef\u88ab\u7ed5\u8fc7\uff0c\u5bfc\u81f4\u811a\u672c\u5728\u5176\u4ed6WEB\u7ad9\u70b9\u4e0a\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u5305\u542bfeedWriter\u5b58\u5728\u4e00\u7cfb\u5217\u6f0f\u6d1e\uff0c\u5141\u8bb8\u9875\u9762\u5185\u5bb9\u4e2d\u7684\u811a\u672c\u4ee5chrome\u7279\u6743\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u5305\u542b\u4e00\u4e9b\u6f0f\u6d1e\uff0c\u5982\u9875\u9762\u5185\u5bb9\u53ef\u7834\u574fXPCNativeWrappers\uff0c\u53ca\u4ee5chrome\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5176\u4e2d\u4e00\u4e2a\u53d8\u79cd\u95ee\u9898\u53ea\u5f71\u54cdFirefox 2\u3002\r\n-Mozilla developer Olli Pettay\u62a5\u544aXSLT\u53ef\u5efa\u7acb\u4e0d\u5305\u542b\u811a\u672c\u5904\u7406\u5bf9\u8c61\u7684\u6587\u6863\u3002moz_bug_r_a4\u62a5\u544adocument.loadBindingDocument()\u53ef\u8fd4\u56de\u4e0d\u5305\u542b\u811a\u672c\u5904\u7406\u5bf9\u8c61\u7684\u6587\u6863\u3002\u8fd9\u4e9b\u95ee\u9898\u4e5f\u53ef\u7528\u4e8e\u4ee5chrome\u7279\u6743\u6267\u884c\u4efb\u610f\u811a\u672c\u3002\r\n-Mozilla developers\u5305\u542bFirefox\u548c\u5176\u4ed6Mozilla\u4ea7\u54c1\u7684\u6d4f\u89c8\u5668\u5f15\u64ce\u5b58\u5728\u95ee\u9898\uff0c\u5728\u90e8\u5206\u6761\u4ef6\u4e0b\u53ef\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\npple Product Security\u7684Drew Yao\u62a5\u544aMozilla\u56fe\u50cf\u6e32\u67d3\u4ee3\u7801\u5b58\u5728\u4e24\u4e2a\u5d29\u6e83\u95ee\u9898\uff0c\u6b64\u6f0f\u6d1e\u53ea\u5f71\u54cdFirefox 3\u3002\r\nFortinet's FortiGuard Global Security Research Team\u7684David Maciejak\u4e5f\u62a5\u544a\u5f71\u54cdFirefox 3\u7684\u56fe\u50cf\u6e32\u67d3\u4ee3\u7801\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\n-Microsoft developer Dave Reed\u62a5\u544a\u90e8\u5206BOM\u5b57\u7b26\u4eceJavascript\u4ee3\u7801\u5265\u79bb\u524d\u53ef\u6267\u884c\uff0c\u8fd9\u53ef\u5bfc\u81f4\u653b\u51fb\u8005\u7ed5\u8fc7\u811a\u672c\u8fc7\u6ee4\u5668\u6267\u884cXSS\u653b\u51fb\u3002\r\nSecurity researcher Gareth Heyes\u62a5\u544aHTML\u89e3\u6790\u5668\u5b58\u5728\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u7ed5\u8fc7\u811a\u672c\u8fc7\u6ee4\u5668\u6267\u884cXSS\u653b\u51fb\u3002\r\n-Mozilla developer Boris Zbarsky\u62a5\u544a\u5f53\u4f7f\u7528URL\u7f16\u7801\u659c\u6760\u65f6\uff0cresource:\u534f\u8bae\u5141\u8bb8\u5728Linux\u5e73\u53f0\u4e0a\u89e6\u53d1\u76ee\u5f55\u904d\u5386\u653b\u51fb\u3002\r\nMozilla developer Georgi Guninski\u62a5\u544a\u5728\u672c\u5730HTML\u6587\u4ef6\u4e0a\u7684\u9650\u5236\u53ef\u4f7f\u7528resource:\u534f\u8bae\u7ed5\u8fc7\uff0c\u6b64\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u653b\u51fb\u8005\u8bfb\u53d6\u7cfb\u7edf\u4e0a\u7684\u4fe1\u606f\u3002\r\n-Security researcher Billy Hoffman\u5728XBM\u89e3\u7801\u4e0a\u53d1\u73b0\u4e00\u4e2a\u7f3a\u9677\uff0c\u5141\u8bb8\u968f\u673a\u5c0f\u7684\u672a\u521d\u59cb\u5316\u5757\u5185\u5b58\u88ab\u8bfb\u53d6\uff0c\u6b64\u6f0f\u6d1e\u6ca1\u6709\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\r\n\n\nUbuntu Ubuntu Linux 8.04 LTS sparc\r\nUbuntu Ubuntu Linux 8.04 LTS powerpc\r\nUbuntu Ubuntu Linux 8.04 LTS lpia\r\nUbuntu Ubuntu Linux 8.04 LTS i386\r\nUbuntu Ubuntu Linux 8.04 LTS amd64\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu Ubuntu Linux 7.04 sparc\r\nUbuntu Ubuntu Linux 7.04 powerpc\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux WS 2.1\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux ES 2.1\r\nRedHat Enterprise Linux Desktop Workstation 5 client\r\nRedHat Enterprise Linux Desktop 5 client\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux AS 2.1\r\nRedHat Enterprise Linux 5 server\r\nRedHat Desktop 4.0 \r\nRedHat Desktop 3.0 \r\nRedHat Advanced Workstation for the Itanium Processor 2.1 \r\nMozilla Thunderbird 2.0 8\r\nMozilla Thunderbird 2.0 16\r\nMozilla Thunderbird 2.0 15\r\nMozilla Thunderbird 2.0 .9\r\nMozilla Thunderbird 2.0 .6\r\nMozilla Thunderbird 2.0 .5\r\nMozilla Thunderbird 2.0 .4\r\nMozilla Thunderbird 2.0 .14\r\nMozilla Thunderbird 2.0 .13\r\nMozilla Thunderbird 2.0 .12\r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey 1.1.2 \r\nMozilla SeaMonkey 1.1.1 \r\nMozilla SeaMonkey 1.0.99 \r\nMozilla SeaMonkey 1.0.9 \r\nMozilla SeaMonkey 1.0.8 \r\nMozilla SeaMonkey 1.0.7 \r\nMozilla SeaMonkey 1.0.6 \r\nMozilla SeaMonkey 1.0.5 \r\nMozilla SeaMonkey 1.0.3 \r\nMozilla SeaMonkey 1.0.2 \r\nMozilla SeaMonkey 1.0.1 \r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey 1.0 dev\r\nMozilla SeaMonkey 1.0\r\nMozilla Firefox 3.0.1 \r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2.0 .4\r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 3.0 Beta 5\r\nMozilla Firefox 3.0\r\nMozilla Firefox 2.0.0.3\r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0 RC3\r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2.0\n \u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nMozilla Firefox 3.0\r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n \r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_sparc.deb\r\n \r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 3.0 Beta 5\r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu firefox-dbg_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-libthai_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnspr-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnspr4_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnss-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnss3_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu mozilla-firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n \r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu firefox-dbg_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-libthai_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnspr-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnspr4_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnss-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnss3_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu mozilla-firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n \r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.17+1nobi target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.17+1nobi</a> nonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.17+1nobi target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.17+1nobi</a> nonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0. target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.17+1 target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.17+1</a> nobinonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.17+1nobinonl target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.17+1nobinonl</a> y-0ubuntu0.7.10_lpia.deb\r\n \r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_amd64.deb\r\n \r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 3.0.1 \r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>", "modified": "2008-09-25T00:00:00", "published": "2008-09-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4101", "id": "SSV:4101", "title": "Mozilla Firefox/SeaMonkey/Thunderbird\u591a\u4e2a\u8fdc\u7a0b\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "freebsd": [{"lastseen": "2018-08-31T01:15:32", "bulletinFamily": "unix", "description": "\nThe Mozilla Foundation reports:\n\nMFSA 2008-37UTF-8 URL stack buffer overflow\nMFSA 2008-38nsXMLDocument::OnChannelRedirect() same-origin\n\t violation\nMFSA 2008-39Privilege escalation using feed preview page and\n\t XSS flaw\nMFSA 2008-40Forced mouse drag\nMFSA 2008-41Privilege escalation via XPCnativeWrapper\n\t pollution\nMFSA 2008-42Crashes with evidence of memory corruption\n\t (rv:1.9.0.2/1.8.1.17)\nMFSA 2008-43BOM characters stripped from JavaScript before\n\t execution\nMFSA 2008-44resource: traversal vulnerabilities\nMFSA 2008-45XBM image uninitialized memory reading\n\n", "modified": "2009-12-12T00:00:00", "published": "2008-09-24T00:00:00", "id": "2273879E-8A2F-11DD-A6FE-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/2273879e-8a2f-11dd-a6fe-0030843d3802.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
